"Zephyr RTOS Fixes Bluetooth Bugs That May Lead to Code Execution"

Security patches were released earlier this month for the Zephyr real-time operating system (RTOS) used for embedded devices. The patches fix multiple vulnerabilities that can lead to a denial-of-service (DoS) condition and remote code execution if exploited by threat actors. These vulnerabilities were found in Zephyr's Bluetooth LE Link Layer (LL) and its implementation of the Logical Link Control and Adaptation Protocol (L2CAP).

Zephyr is a small open-source project backed by Facebook, Google, Intel, Nordic Semiconductors, Adafruit, and other big names in the industry. The Zephyr OS supports more than 200 boards with various CPU architectures, including ARM Cortex-M, Intel x86, ARC, NIOS II, Tensilica Xtensa, SPARC V8, and RISC-V 32, which makes it attractive to those who make small embedded devices such as hearing aids, smart tags, distancing trackers, safety pods for smart PPE, IoT gateways, and portable backup devices.

The vulnerabilities were discovered by Matias Karhumaa, a senior software engineer at Synopsys, after testing the lowest layers of the operating system's Bluetooth LE stack. Most of the flaws discovered in the Bluetooth LE Link Layer and the L2CAP implementation impact Zephyr versions 2.5.0 and 2.4.0. Some of the vulnerabilities were also found in Zephyr version 1.14. Exploitation of these flaws could allow attackers to prevent the targeted devices from functioning by causing them to freeze or to behave in a way that stops other systems from connecting to them. One of the vulnerabilities received a high severity score because it could cause an information leak involving sensitive data. This article continues to discuss the discovery and potential impact of the Bluetooth-related vulnerabilities in the Zephyr RTOS.

Bleeping Computer reports "Zephyr RTOS Fixes Bluetooth Bugs That May Lead to Code Execution"
