Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

zephyrproject-rtos — Vulnerabilities & Security Advisories 119

Browse all 119 CVE security advisories affecting zephyrproject-rtos. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Zephyr Project is an open-source real-time operating system designed for constrained, resource-limited devices, primarily serving the Internet of Things and embedded systems sectors. Its architecture supports diverse hardware architectures, enabling developers to build secure, scalable applications for wearables, medical devices, and industrial sensors. Historically, the codebase has exhibited vulnerabilities typical of complex C-based systems, including buffer overflows, use-after-free errors, and improper input validation, which can lead to remote code execution or privilege escalation. While no single catastrophic incident has defined its history, the high volume of recorded CVEs highlights the challenges of maintaining security in a rapidly evolving, community-driven project. The RTOS relies on rigorous code review and automated testing to mitigate risks, yet its widespread adoption in critical infrastructure necessitates continuous vigilance against exploitation of memory safety flaws and configuration weaknesses.

Top products by zephyrproject-rtos: zephyr
CVE IDTitleCVSSSeverityPublished
CVE-2021-3329 DOS: Incorrect handling of the initial HCI ACL_MTU handshake packet leads to crash of bluetooth host layer — zephyrCWE-703 9.6 Critical2023-02-26
CVE-2022-3806 Bluetooth HCI Error Handling Double Free — zephyrCWE-415 9.8 -2023-01-19
CVE-2023-0396 Buffer Overreads in Bluetooth HCI — zephyrCWE-126 8.8 -2023-01-19
CVE-2023-0397 DoS: Invalid Initialization in le_read_buffer_size_complete — zephyrCWE-703 9.6 Critical2023-01-19
CVE-2021-3966 Usb bluetooth device ACL read cb buffer overflow — zephyrCWE-122 9.6 Critical2023-01-11
CVE-2022-0553 Possible to retrieve uncrypted firmware image — zephyrCWE-200 6.5 Medium2023-01-11
CVE-2022-2993 bt: host: Wrong key validation check — zephyr 8.6 High2022-12-12
CVE-2022-2741 can: denial-of-service can be triggered by a crafted CAN frame — zephyrCWE-400 8.2 High2022-10-31
CVE-2022-1841 Out-of-bound write in tcp_flags — zephyrCWE-787 7.2 High2022-08-31
CVE-2022-1042 Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning — zephyrCWE-787 8.2 High2022-07-26
CVE-2022-1041 Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning — zephyrCWE-787 8.2 High2022-07-26
CVE-2021-3435 L2CAP: Information leakage in le_ecred_conn_req() — zephyrCWE-908 4.0 Medium2022-06-28
CVE-2021-3434 L2CAP: Stack based buffer overflow in le_ecred_conn_req() — zephyrCWE-121 4.9 Medium2022-06-28
CVE-2021-3433 BT: Invalid channel map in CONNECT_IND results to Deadlock — zephyrCWE-703 4.0 Medium2022-06-28
CVE-2021-3432 BT: Invalid interval in CONNECT_IND leads to Division by Zero — zephyrCWE-369 4.3 Medium2022-06-28
CVE-2021-3431 BT: Assertion failure on repeated LL_FEATURE_REQ — zephyrCWE-617 4.3 Medium2022-06-28
CVE-2021-3430 BT: Assertion failure on repeated LL_CONNECTION_PARAM_REQ — zephyrCWE-617 6.5 Medium2022-06-28
CVE-2021-3861 The RNDIS USB device class includes a buffer overflow vulnerability — zephyrCWE-122 8.2 High2022-02-07
CVE-2021-3835 Buffer overflow in usb device class — zephyrCWE-122 8.2 High2022-02-07
CVE-2021-3454 Truncated L2CAP K-frame causes assertion failure — zephyrCWE-130 4.3 Medium2021-10-19
CVE-2021-3455 Disconnecting L2CAP channel right after invalid ATT request leads freeze — zephyrCWE-416 4.3 Medium2021-10-19
CVE-2021-3330 RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr — zephyrCWE-787 7.1 High2021-10-12
CVE-2021-3323 Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr — zephyrCWE-191 8.3 High2021-10-12
CVE-2021-3322 Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr — zephyrCWE-476 6.5 Medium2021-10-12
CVE-2021-3321 Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal — zephyrCWE-680 7.5 High2021-10-12
CVE-2021-3625 Buffer overflow in Zephyr USB DFU DNLOAD — zephyrCWE-122 9.6 Critical2021-10-05
CVE-2021-3581 Buffer Access with Incorrect Length Value in zephyr — zephyrCWE-805 7.0 High2021-10-05
CVE-2021-3510 Zephyr JSON decoder incorrectly decodes array of array — zephyrCWE-588 7.5 High2021-10-05
CVE-2021-3436 BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known — zephyrCWE-694 4.3 Medium2021-10-05
CVE-2021-3319 DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses — zephyrCWE-476 6.5 Medium2021-10-05

This page lists every published CVE security advisory associated with zephyrproject-rtos. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.