Bluetooth Broadcast Assistant Vulnerability in Zephyr RTOS
CVE-2026-10660
6.4MEDIUM
What is CVE-2026-10660?
The Bluetooth Broadcast Assistant in Zephyr RTOS contains a vulnerability that allows the reassembly of remote Broadcast Receive State data into a shared static buffer, leading to potential memory corruption and denial of service. When connected to multiple Scan Delegator devices, notification and long-read callbacks can interleave on this shared buffer. The lack of tailroom checks allows data from different connections to overwrite each other's memory, causing out-of-bounds writes and cross-connection data corruption. The fix involves moving to a per-connection buffer, ensuring data isolation between connections.
Affected Version(s)
zephyr 3.6.0 < 4.5.0
