Vulnerabilities in Zephyr’s Bluetooth LE Stack May Lead to DoS Attacks


Six of the flaws, the researcher explains, could be abused by an attacker by sending malformed input that would cause the device to freeze. This could result in the device rebooting itself or may even allow for remote code execution in some instances.

Other vulnerabilities could be exploited either to cause the device to misbehave and prevent other devices from connecting to it, or to access potentially sensitive information, including encryption keys or memory layout.

Offered under Apache license, Zephyr is an operating system that offers support for various CPU architectures, including ARM Cortex-M, ARC, Intel x86, NIOS II, RISC-V 32, SPARC V8, and Tensilica Xtensa.