Zephyr Bluetooth Low Energy Fixed Channel Disconnection Vulnerability Leading to Denial-of-Service

Vulnerability

A vulnerability exists in Zephyr versions through 4.1 in the Bluetooth Low Energy (BLE) stack. It allows an attacker to send malformed BLE traffic that forces the target device to disconnect a fixed channel, such as SMP or ATT. This behavior violates the Bluetooth specification and can result in undefined consequences, including assertion failures, crashes, or memory corruption, depending on the specific BLE stack implementation.

Impact

Exploitation of this vulnerability can cause a remote crash or denial-of-service condition on the affected device.

Reproduction

The vulnerability can be reproduced by sending two 'L2CAP Flow Control Credit Indication' requests that trigger an overflow. The device will respond by attempting to disconnect a fixed channel, such as the LE Signal Channel, SMP, or ATT, which is not permitted by the Bluetooth specification. This improper handling can lead to a crash or other disruptive behavior.
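
The defender-side handling the advisory implies, as an added example in C that is not Zephyr's own code: an LE Flow Control Credit indication is parsed, refused outright when it names a fixed CID such as ATT (0x0004) or SMP (0x0006), and only the dynamic channel it addresses is disconnected when its credit total would pass 65535. The channel table, result enum and constructed PDUs are hypothetical; the CID ranges and 65535 limit come from the Bluetooth Core Specification.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constants from the Bluetooth Core Specification (L2CAP over LE). */
#define L2CAP_LE_CREDITS        0x16    /* signaling code: LE Flow Control Credit */
#define L2CAP_CID_LE_DYN_START  0x0040  /* LE dynamically allocated CIDs; fixed channels */
#define L2CAP_CID_LE_DYN_END    0x007F  /* (ATT 0x0004, LE signal 0x0005, SMP 0x0006) sit below */
#define L2CAP_LE_MAX_CREDITS    0xFFFF  /* a channel may never hold more than 65535 credits */

/* Hypothetical per-connection channel table used only by this example. */
struct le_chan { uint16_t cid; uint16_t tx_credits; bool connected; };

enum credit_result {
    CREDIT_OK,                  /* credits added to a connected dynamic channel */
    CREDIT_MALFORMED,           /* wrong code or length: drop the PDU */
    CREDIT_REJECT_NOT_DYNAMIC,  /* names a fixed/reserved CID: reject, touch nothing */
    CREDIT_UNKNOWN_CID,         /* no connected dynamic channel with that CID */
    CREDIT_OVERFLOW_DISCONNECT  /* total would exceed 65535: disconnect that channel only */
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Handle one LE signaling PDU laid out as code(1) id(1) len(2) cid(2) credits(2).
 * Credit-based flow control exists only on dynamic channels, so an indication that
 * names a fixed CID is refused before any channel state is read: the fixed channel
 * can never be the thing that gets disconnected. On a dynamic channel the new total
 * is computed in 32-bit arithmetic so the 65535 limit is tested without wrapping. */
enum credit_result handle_le_credits(struct le_chan *chans, size_t n,
                                     const uint8_t *pdu, size_t len)
{
    if (len != 8 || pdu[0] != L2CAP_LE_CREDITS || le16(&pdu[2]) != 4)
        return CREDIT_MALFORMED;
    uint16_t cid = le16(&pdu[4]);
    uint16_t credits = le16(&pdu[6]);
    if (cid < L2CAP_CID_LE_DYN_START || cid > L2CAP_CID_LE_DYN_END)
        return CREDIT_REJECT_NOT_DYNAMIC;
    for (size_t i = 0; i < n; i++) {
        if (!chans[i].connected || chans[i].cid != cid)
            continue;
        if ((uint32_t)chans[i].tx_credits + credits > L2CAP_LE_MAX_CREDITS) {
            chans[i].connected = false;   /* spec: disconnect this dynamic channel */
            return CREDIT_OVERFLOW_DISCONNECT;
        }
        chans[i].tx_credits = (uint16_t)(chans[i].tx_credits + credits);
        return CREDIT_OK;
    }
    return CREDIT_UNKNOWN_CID;
}
```

The two-PDU sequence from the reproduction section maps onto this as one indication that fits under the limit followed by one that does not; only the dynamic channel's state changes, and a credit indication aimed at a fixed CID is discarded before it can affect anything.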

Added: Sep 19, 2025, 6:20 AM
Updated: Sep 19, 2025, 6:20 AM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 5.0
remediation: 0.0
relevance: 0.6
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.