SecurityWeek reports that eight recently patched security vulnerabilities in Zephyr's Bluetooth LE stack could, if exploited, lead to denial-of-service attacks and sensitive information leaks.
Synopsys Cybersecurity Research Center researcher Matias Karhumaa said that threat actors could abuse six of the identified flaws by sending malformed input that causes the device to freeze, while the other flaws could be exploited to make the device misbehave or to prevent outside connections to it. The most significant vulnerabilities are stack buffer overflow bug CVE-2021-3434 and use-after-free flaw CVE-2021-3455, both of which could lead to DoS and remote code execution.
"All of the reported vulnerabilities can be triggered from within the range of Bluetooth LE. Triggering the vulnerability does not require authentication or encryption. The only requirement is that the device is in advertising mode and accepting connections," said Karhumaa.
Zephyr received a report of the security flaws on March 11 and addressed them with the Zephyr 2.6.0 update released on June 5.