CVE-2023-1902

Name of the Vulnerable Software and Affected Versions Zephyr (affected versions not specified)

Description The issue is related to a Bluetooth protocol implementation flaw in the Zephyr real-time operating system, involving the use of memory after it has been freed. This could allow a remote attacker to cause a denial of service or potentially execute arbitrary code. The bluetooth HCI host layer logic fails to clear a global reference to a state pointer after handling connection events, which may enable a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash or potential remote code execution on the Host layer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.