CVE-2024-48985

Name of the Vulnerable Software and Affected Versions MBed OS version 6.16.0

Description An issue was discovered in the processing of HCI packets. The software dynamically determines the length of the packet data by reading 2 bytes from the packet data. A buffer is then allocated to contain the entire packet. If the allocation fails because the specified packet is too large, no exception handling occurs, leading to a buffer overflow. This can be leveraged into an arbitrary write by an attacker, allowing the overwrite of the pointer to the buffer that is supposed to receive the contents of the packet body and the state variable used by the function to determine which step of the parsing process is currently being executed.

Recommendations For MBed OS version 6.16.0, as a temporary workaround, consider disabling the processing of HCI packets until a patch is available. Restrict access to the hciTrSerialRxIncoming function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.