CVE-2023-1901

Name of the Vulnerable Software and Affected Versions Zephyr (affected versions not specified)

Description The issue is related to the Bluetooth protocol implementation, specifically with the bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands. This may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash or potential remote code execution (RCE) on the Host layer. Additionally, there is a buffer overflow issue in the Zephyr real-time operating system's Bluetooth protocol implementation, which can be exploited by a remote attacker to cause a denial of service or execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.