
zephyrproject-rtos — Vulnerabilities & Security Advisories (119)

Browse all 119 CVE security advisories affecting zephyrproject-rtos. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Zephyr Project is an open-source real-time operating system designed for constrained, resource-limited devices, primarily serving the Internet of Things and embedded systems sectors. It supports a wide range of hardware architectures, enabling developers to build secure, scalable applications for wearables, medical devices, and industrial sensors. Historically, the codebase has exhibited vulnerabilities typical of complex C-based systems, including buffer overflows, use-after-free errors, and improper input validation, which can lead to remote code execution or privilege escalation. While no single catastrophic incident has defined its history, the high volume of recorded CVEs highlights the challenges of maintaining security in a rapidly evolving, community-driven project. The RTOS relies on rigorous code review and automated testing to mitigate risks, yet its widespread adoption in critical infrastructure necessitates continuous vigilance against exploitation of memory safety flaws and configuration weaknesses.

Top products by zephyrproject-rtos: zephyr
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-6258 | BT: Missing length checks of net_buf in rfcomm_handle_data | Zephyr | CWE-122 | 6.8 | Medium | 2024-09-13 |
| CVE-2024-5754 | BT: Encryption procedure host vulnerability | Zephyr | CWE-807 | 8.2 | High | 2024-09-13 |
| CVE-2024-4785 | BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero | Zephyr | CWE-369 | 7.6 | High | 2024-08-19 |
| CVE-2024-3332 | bt: host/smp: DoS caused by null pointer dereference | Zephyr | CWE-476 | 6.5 | Medium | 2024-07-03 |
| CVE-2024-3077 | Bluetooth: integer underflow in gatt_find_info_rsp | Zephyr | CWE-126 | 6.8 | Medium | 2024-03-29 |
| CVE-2023-7060 | Missing Security Control in Zephyr OS IP Packet Handling | Zephyr | | 8.6 | High | 2024-03-15 |
| CVE-2023-6881 | fs: fuse: buffer overflow vulnerability in the Zephyr FS | Zephyr | CWE-120 | 7.3 | High | 2024-02-20 |
| CVE-2024-1638 | Bluetooth characteristic LESC security requirement not enforced without additional flags | Zephyr | CWE-20 | 8.2 | High | 2024-02-19 |
| CVE-2023-5779 | can: out of bounds in remove_rx_filter function | Zephyr | CWE-787 | 4.4 | Medium | 2024-02-18 |
| CVE-2023-6249 | ipm: signed to unsigned conversion problem in esp32_ipm_send | Zephyr | CWE-704 | 8.0 | High | 2024-02-18 |
| CVE-2023-6749 | Unchecked user input length in the Zephyr Settings Shell | Zephyr | CWE-121 | 8.0 | High | 2024-02-18 |
| CVE-2023-5055 | L2CAP: Possible Stack based buffer overflow in le_ecred_reconf_req() | Zephyr | CWE-121 | 8.3 | High | 2023-11-21 |
| CVE-2023-4424 | bt: hci: DoS and possible RCE | Zephyr | CWE-190 | 8.3 | High | 2023-11-21 |
| CVE-2023-5139 | Potential buffer overflow vulnerability in the Zephyr STM32 Crypto driver | Zephyr | CWE-120 | 4.4 | Medium | 2023-10-26 |
| CVE-2023-5753 | Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem | Zephyr | CWE-120 | 6.3 | Medium | 2023-10-24 |
| CVE-2023-4257 | Unchecked user input length in the Zephyr WiFi shell module | Zephyr | CWE-120 | 7.6 | High | 2023-10-13 |
| CVE-2023-4263 | Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver | Zephyr | CWE-120 | 7.6 | High | 2023-10-13 |
| CVE-2023-5563 | Zephyr security vulnerability | Zephyr | CWE-703 | 7.1 | High | 2023-10-12 |
| CVE-2023-3725 | Potential buffer overflow vulnerability in the Zephyr CANbus subsystem | Zephyr | CWE-120 | 7.6 | High | 2023-10-06 |
| CVE-2023-5184 | Potential signed to unsigned conversion errors and buffer overflow vulnerabilities in the Zephyr IPM driver | Zephyr | CWE-120 | 7.0 | High | 2023-09-27 |
| CVE-2023-4260 | Potential off-by-one buffer overflow vulnerability in the Zephyr FS subsystem | Zephyr | CWE-120 | 6.3 | Medium | 2023-09-26 |
| CVE-2023-4264 | Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem | Zephyr | CWE-120 | 7.1 | High | 2023-09-26 |
| CVE-2023-4259 | Potential buffer overflow vulnerabilities in the Zephyr eS-WiFi driver | Zephyr | CWE-120 | 7.1 | High | 2023-09-25 |
| CVE-2023-4258 | bt: mesh: vulnerability in provisioning protocol implementation on provisionee side | Zephyr | CWE-684 | 8.6 | High | 2023-09-25 |
| CVE-2023-4265 | Buffer overflow in Zephyr USB | Zephyr | CWE-120 | 6.4 | Medium | 2023-08-12 |
| CVE-2023-1901 | HCI send_sync Dangling Semaphore Reference Re-use | Zephyr | | 5.9 | Medium | 2023-07-10 |
| CVE-2023-2234 | BT HCI host union variant confusion | Zephyr | CWE-843 | 6.8 | Medium | 2023-07-10 |
| CVE-2023-1902 | HCI Connection Creation Dangling State Reference Re-use | Zephyr | | 5.9 | Medium | 2023-07-10 |
| CVE-2023-0359 | ipv6: Missing ipv6 nullptr-check in handle_ra_input | Zephyr | CWE-20 | 5.9 | Medium | 2023-07-10 |
| CVE-2023-0779 | net: shell: Improper input validation | zephyr | CWE-20 | 6.7 | Medium | 2023-05-30 |

This page lists every published CVE security advisory associated with zephyrproject-rtos. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.