Alps Alpine Bluetooth Stack Buffer Overflow Vulnerability in Bosch Infotainment ECU on Nissan Leaf ZE1

Vulnerability

A stack-based buffer overflow has been identified in the Bluetooth stack developed by Alps Alpine, as used in the Infotainment ECU manufactured by Bosch for the Nissan Leaf ZE1 model from 2020. The vulnerability arises from improper boundary validation of user-supplied data: an attacker can trigger it by sending a specific packet over an established L2CAP channel. Successful exploitation could result in remote code execution on the affected Infotainment ECU with root privileges.

Impact

Exploitation of this vulnerability allows for remote code execution on the Infotainment ECU, with the executed code running with root privileges.

Added: Feb 15, 2026, 12:58 PM
Updated: Feb 15, 2026, 12:58 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 5.7
remediation: 0.0
relevance: 2.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.