PT-2024-33315 · Arm · Mbed OS

Diff-Fusion · Published 2024-11-20 · Updated 2024-11-26 · CVE-2024-48986

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Mbed OS version 6.16.0
Description: An issue was discovered in the HCI (Host Controller Interface) parsing software of Mbed OS, which determines the length of certain HCI packets at run time by reading a length byte from the packet header. This can lead to a buffer overflow when the subsequent write operation copies the amount of data specified in the packet header, which may exceed the length of the allocated buffer. The bug can be exploited for a denial of service, but it is not certain that this suffices to bring the system down, and it generally cannot be exploited further because the overflowed buffer is dynamically allocated.
Recommendations: For Mbed OS version 6.16.0, as a temporary workaround, consider restricting the use of the HCI parsing software until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
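The pattern the description above refers to, as an added illustration that is not Mbed OS code: a constructed one-byte-length HCI-style packet layout, with the unchecked header-driven copy beside a hardened parser that validates the claimed length against both the number of bytes actually received and the destination capacity. The layout, function names and sample packets are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed HCI-style packet layout for illustration: one length byte
 * followed by the payload. Not the real Mbed OS HCI format or parser. */
#define HDR_LEN 1

/* The pattern the advisory describes: the copy length is taken straight
 * from the packet header and never compared with the capacity of the
 * heap buffer it is copied into, so a header claiming more bytes than
 * were allocated writes past the end of that buffer. Kept for contrast
 * only; it must never be called on untrusted input. */
size_t parse_hci_payload_unchecked(const uint8_t *pkt, uint8_t *out)
{
    size_t claimed = pkt[0];
    memcpy(out, pkt + HDR_LEN, claimed); /* BUG: 'claimed' is unbounded */
    return claimed;
}

/* Hardened form: the claimed length is checked against both the bytes
 * actually received and the destination capacity before any write.
 * Returns the number of payload bytes copied, or -1 if rejected. */
int parse_hci_payload_safe(const uint8_t *pkt, size_t pkt_len,
                           uint8_t *out, size_t out_cap)
{
    if (pkt == NULL || out == NULL || pkt_len < HDR_LEN)
        return -1;                       /* no header byte to read */
    size_t claimed = pkt[0];
    if (claimed > pkt_len - HDR_LEN)
        return -1;                       /* header claims more than received */
    if (claimed > out_cap)
        return -1;                       /* would overrun the allocated buffer */
    memcpy(out, pkt + HDR_LEN, claimed);
    return (int)claimed;
}

/* Constructed sample packets (assumed values, not captured traffic). */
static const uint8_t kGoodPacket[]   = {3, 0xAA, 0xBB, 0xCC};   /* consistent */
static const uint8_t kForgedPacket[] = {200, 0x01, 0x02, 0x03}; /* claims 200 */
static const uint8_t kOversizePacket[] = {8, 1, 2, 3, 4, 5, 6, 7, 8}; /* fits packet, not buffer */

/* Parse into a 4-byte destination, standing in for the parser's
 * dynamically allocated buffer; returns bytes copied or -1. */
int demo_parse(const uint8_t *pkt, size_t pkt_len)
{
    uint8_t out[4];
    return parse_hci_payload_safe(pkt, pkt_len, out, sizeof out);
}
```

The two rejection paths matter separately: a packet that claims more than arrived is truncated or forged, while one whose claim is consistent with the bytes received can still exceed what was allocated for it, which is the case the advisory describes.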

Weakness Enumeration: Buffer Overflow

Related Identifiers: CVE-2024-48986

Affected Products: Mbed OS