3Zd3Z

Name of the Vulnerable Software and Affected Versions: Zephyr versions 2.4.0 and later Zephyr versions 2.5.0 and later Description: Disconnecting L2CAP channel right after an invalid ATT request can cause a freeze. The issue is related to a Use After Free condition. Recommendations: For Zephyr versions 2.4.0 and later, consider disabling the L2CAP channel functionality until a patch is available. For Zephyr versions 2.5.0 and later, restrict access to the ATT request module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zephyr versions 2.4.0 and later **Description** The issue is related to unexpected pointer aliasing in IEEE 802154 fragment reassembly in Zephyr, which contains a NULL pointer dereference. **Recommendations** For Zephyr versions 2.4.0 and later, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zephyr versions >= v1.14.2, >= v2.2.0 **Description** The issue results in a denial of service due to unchecked packet data in Zephyr Bluetooth. This is caused by improper handling of parameters. **Recommendations** For Zephyr versions >= v1.14.2, >= v2.2.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Zephyr versions 1.14.2 and later Zephyr versions 2.2.0 and later **Description** The issue is related to a Remote Denial of Service in LwM2M do write op tlv, caused by Improper Input Validation and an Infinite Loop. **Recommendations** For Zephyr versions 1.14.2 and later, update to a version that includes the fix for the Improper Input Validation and Infinite Loop issues. For Zephyr versions 2.2.0 and later, update to a version that includes the fix for the Improper Input Validation and Infinite Loop issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zephyr versions 1.14.2 and later, 2.4.0 and later **Description** The issue is related to an integer overflow in memory allocating functions, which may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Zephyr versions 1.14.2 and later, 2.4.0 and later, at the moment, there is no information about a newer version that contains a fix for this vulnerability.