Double Free in Zephyr - CVE-2022-3806

 

Double Free in Zephyr - CVE-2022-3806

Published: January 23, 2023


Vulnerability identifier: #VU71419
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-3806
CWE-ID: CWE-415
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Zephyr Project
Affected software:
Zephyr

Detailed vulnerability description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in bluetooth hci. An attacker with physical access can trigger double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


How to mitigate CVE-2022-3806

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources