Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HCI send_sync Dangling Semaphore Reference Re-use
Vulnerability Description
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
Vulnerability Type
N/A
Vulnerability Title
Zephyr 缓冲区错误漏洞
Vulnerability Description
Zephyr是Zephyr Project开源的一个可扩展的实时操作系统 (RTOS)。 Zephyr 3.3及之前版本存在安全漏洞,该漏洞源于同步发送HCI命令后不清除对信号量的全局引用,可能会允许恶意HCI控制器导致在主机层中使用悬空引用,从而导致崩溃(DoS)。
CVSS Information
N/A
Vulnerability Type
N/A