PT-2024-33312 · Arm · Mbed OS
Diff-Fusion · Published 2024-11-20 · Updated 2024-11-25 · CVE-2024-48983
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Mbed OS version 6.16.0
Description: An issue was discovered in the processing of HCI packets. The software determines the packet data length at run time by reading 2 bytes from the packet header. A buffer is allocated based on this length plus the header length, and the total is then incremented by sizeof(wsfMsg_t). This addition can overflow the integer type used for the size, producing a buffer that is too small to hold the entire packet and allowing an out-of-bounds write of up to 65 KB. The bug can be exploited for denial of service; further exploitation is generally not practical because the undersized buffer is allocated dynamically.
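The size arithmetic the description refers to, as an added illustration rather than Mbed OS's own code: the header length, the wsfMsg_t layout and all function names below are assumptions chosen to reproduce the 16-bit wraparound the advisory describes. The vulnerable variant carries the whole calculation in a 16-bit type; the hardened variant widens it, rejects lengths that do not fit the allocator, and also checks the declared length against the bytes actually received.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout for this example: 2 bytes of handle/flags, then a 2-byte
 * little-endian data length, then the payload. Modelled on the advisory's
 * description, not taken from Mbed OS's HCI definitions. */
#define HCI_HDR_LEN 4u

/* Stand-in for the message header the allocator prepends. The fields are an
 * assumption; only its size matters for the arithmetic. */
typedef struct wsfMsg_tag {
    struct wsfMsg_tag *pNext;
    uint16_t len;
    uint8_t handlerId;
} wsfMsg_t;

/* Read the 16-bit payload length from the packet header. */
uint16_t hciReadDataLen(const uint8_t *hdr)
{
    return (uint16_t)(hdr[2] | ((uint16_t)hdr[3] << 8));
}

/* Vulnerable pattern: every step is done in a 16-bit type, so
 * dataLen + HCI_HDR_LEN + sizeof(wsfMsg_t) silently wraps to a small value. */
uint16_t allocLenVulnerable(uint16_t dataLen)
{
    uint16_t total = (uint16_t)(dataLen + HCI_HDR_LEN);
    total = (uint16_t)(total + sizeof(wsfMsg_t));
    return total;
}

/* Hardened pattern: widen first, then refuse anything that does not fit the
 * 16-bit allocator instead of truncating it. */
bool allocLenChecked(uint16_t dataLen, uint16_t *outLen)
{
    uint32_t total = (uint32_t)dataLen + HCI_HDR_LEN + (uint32_t)sizeof(wsfMsg_t);
    if (total > UINT16_MAX) {
        return false;
    }
    *outLen = (uint16_t)total;
    return true;
}

/* True when the vulnerable calculation yields a buffer smaller than the
 * message header plus packet it must hold, i.e. the subsequent copy overruns. */
bool vulnerableBufTooSmall(uint16_t dataLen)
{
    uint32_t needed = (uint32_t)dataLen + HCI_HDR_LEN + (uint32_t)sizeof(wsfMsg_t);
    return (uint32_t)allocLenVulnerable(dataLen) < needed;
}

/* Receive path with the checks applied: returns a buffer holding the message
 * header slot followed by header and payload, or NULL when the declared length
 * cannot be trusted. The caller frees the buffer. */
uint8_t *hciRxPacketChecked(const uint8_t *pkt, size_t pktLen)
{
    if (pktLen < HCI_HDR_LEN) return NULL;
    uint16_t dataLen = hciReadDataLen(pkt);
    /* The declared length must match what actually arrived on the transport. */
    if ((size_t)dataLen + HCI_HDR_LEN > pktLen) return NULL;
    uint16_t allocLen;
    if (!allocLenChecked(dataLen, &allocLen)) return NULL;
    uint8_t *buf = malloc(allocLen);
    if (buf == NULL) return NULL;
    memcpy(buf + sizeof(wsfMsg_t), pkt, (size_t)dataLen + HCI_HDR_LEN);
    return buf;
}

int main(void)
{
    /* Constructed header claiming a 0xFFFF-byte payload. */
    uint8_t hdr[HCI_HDR_LEN] = { 0x01, 0x00, 0xFF, 0xFF };
    uint16_t dataLen = hciReadDataLen(hdr);
    uint16_t ok;
    printf("declared length %u -> vulnerable alloc %u bytes, too small: %s\n",
           dataLen, allocLenVulnerable(dataLen),
           vulnerableBufTooSmall(dataLen) ? "yes" : "no");
    printf("checked alloc accepts it: %s\n",
           allocLenChecked(dataLen, &ok) ? "yes" : "no");
    return 0;
}
```

The two checks in hciRxPacketChecked address different failures: allocLenChecked stops the arithmetic wrap, and the comparison against pktLen stops a header that claims more bytes than were received, which would otherwise read past the transport buffer even with a correctly sized allocation.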
Recommendations: For Mbed OS version 6.16.0, consider disabling HCI packet processing until a patch is available, to prevent potential denial-of-service attacks. Restrict access to the vulnerable buffer allocation function to minimize the risk of exploitation, and avoid calling wsfMsgAlloc with packet lengths read from the packet header until the issue is resolved. At the time of writing there is no information about a newer version containing a fix for this vulnerability.

Weakness Enumeration: Integer Overflow
Related Identifiers: CVE-2024-48983
Affected Products: Mbed OS