Mkarhumaa

**Name of the Vulnerable Software and Affected Versions** Zephyr versions >= v2.5.0 **Description** The issue is related to a reachable assertion with repeated LL FEATURE REQ, which is classified as a Reachable Assertion (CWE-617). **Recommendations** For Zephyr versions >= v2.5.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zephyr versions >= v2.5.0 **Description** The issue arises from an invalid channel map in CONNECT IND, resulting in a deadlock due to improper check or handling of exceptional conditions. This is classified as CWE-703. **Recommendations** For Zephyr versions >= v2.5.0, consider temporarily disabling the CONNECT IND functionality until a patch is available to prevent deadlocks caused by invalid channel maps. Restrict access to the vulnerable module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zephyr versions >= v2.5.0 **Description** A stack-based buffer overflow issue exists in the `le ecred conn req()` function. This issue is related to a stack-based buffer overflow, which can be exploited. **Recommendations** For Zephyr versions >= v2.5.0, consider disabling the `le ecred conn req()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zephyr versions >= v2.4.0 **Description** The issue is related to information leakage in the `le ecred conn req()` function, which is caused by the use of an uninitialized resource. This is classified as a CWE-908 vulnerability. **Recommendations** For Zephyr versions >= v2.4.0, consider disabling the `le ecred conn req()` function until a patch is available to prevent potential information leakage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zephyr versions 2.4.0 and later Description: The issue is caused by a truncated L2CAP K-frame, leading to an assertion failure. This is due to improper handling of length parameter inconsistency and a reachable assertion. Recommendations: For Zephyr versions 2.4.0 and later, update to a version that contains a fix for the improper handling of length parameter inconsistency and reachable assertion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.