Zephyrproject

Zephyr

116 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.05%
  • Published 05.03.2026 06:21:36
  • Last modified 09.03.2026 18:33:42

dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a ma...

  • EPSS 0.01%
  • Published 02.03.2026 08:39:12
  • Last modified 03.03.2026 12:52:46

In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interact...

  • EPSS 0.01%
  • Published 04.11.2025 06:20:19
  • Last modified 05.11.2025 17:11:25

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitatio...

  • EPSS 0.01%
  • Published 04.11.2025 06:20:17
  • Last modified 05.11.2025 17:11:34

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitatio...

  • EPSS 0.02%
  • Published 19.09.2025 05:21:33
  • Last modified 29.10.2025 18:16:37

A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the device under attack) to attempt to disconnect a fix...

  • EPSS 0.02%
  • Published 19.09.2025 05:20:20
  • Last modified 29.10.2025 18:08:06

Parameters are not validated or sanitized, and are later used in various internal operations.

  • EPSS 0.02%
  • Published 19.09.2025 05:19:18
  • Last modified 29.10.2025 18:05:53

Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption.

Exploit
  • EPSS 0.04%
  • Published 19.09.2025 05:17:40
  • Last modified 29.10.2025 18:52:28

The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching.

  • EPSS 0.01%
  • Published 04.08.2025 01:49:46
  • Last modified 18.08.2025 15:42:28

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is need...

Exploit
  • EPSS 0.05%
  • Published 24.06.2025 05:32:11
  • Last modified 30.10.2025 15:50:09

A denial-of-service issue in the DNS implementation could cause an infinite loop.