Apache NimBLE Out-of-Bounds Read Vulnerability in HCI H4 Driver

Vulnerability

An out-of-bounds read vulnerability has been identified in the Apache NimBLE HCI H4 driver, affecting versions through 1.8. A specially crafted HCI event can cause the driver to perform an invalid memory read. Exploitation requires a faulty Bluetooth controller, which is why the issue is considered low severity.

Impact

Exploitation of this vulnerability could lead to invalid memory reads, potentially causing memory corruption or allowing for further exploitation.

Remediation

Users are advised to upgrade to Apache NimBLE version 1.9, which addresses this vulnerability.
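
The bug class described above, shown as an added example (not NimBLE code, and not a reproduction of the actual defect, which this page does not detail): a host-side check that bounds the controller-supplied event length before any field is read. The frame layout follows the Bluetooth HCI UART (H4) transport; the function names are hypothetical and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define H4_PKT_EVT       0x04 /* H4 packet indicator: HCI event */
#define HCI_EVT_HDR_LEN  2    /* event code + parameter total length */
#define HCI_EVT_CMD_CMPL 0x0E /* Command Complete */
#define HCI_EVT_CMD_STAT 0x0F /* Command Status */

enum { EVT_OK = 0, EVT_NEED_MORE = 1, EVT_BAD_TYPE = -1, EVT_BAD_LEN = -2 };

/* Smallest parameter block the event must carry before its fields are read. */
static size_t evt_min_params(uint8_t code)
{
    switch (code) {
    case HCI_EVT_CMD_CMPL: return 3; /* num_pkts(1) + opcode(2) */
    case HCI_EVT_CMD_STAT: return 4; /* status(1) + num_pkts(1) + opcode(2) */
    default:               return 0;
    }
}

/* Validate one H4 event frame held in buf[0..avail). */
int h4_evt_check(const uint8_t *buf, size_t avail)
{
    if (avail < 1) return EVT_NEED_MORE;
    if (buf[0] != H4_PKT_EVT) return EVT_BAD_TYPE;
    if (avail < 1 + HCI_EVT_HDR_LEN) return EVT_NEED_MORE;
    /* Length byte is controller-supplied: bound it by fixed fields and received bytes. */
    if (buf[2] < evt_min_params(buf[1])) return EVT_BAD_LEN;
    if (avail - (1 + HCI_EVT_HDR_LEN) < buf[2]) return EVT_NEED_MORE;
    return EVT_OK;
}

/* Extract the command opcode from Command Complete / Command Status. */
int evt_cmd_opcode(const uint8_t *buf, size_t avail, uint16_t *opcode)
{
    int rc = h4_evt_check(buf, avail);
    if (rc != EVT_OK) return rc;
    if (buf[1] != HCI_EVT_CMD_CMPL && buf[1] != HCI_EVT_CMD_STAT) return EVT_BAD_TYPE;
    const uint8_t *p = buf + 3 + (buf[1] == HCI_EVT_CMD_CMPL ? 1 : 2);
    *opcode = (uint16_t)(p[0] | (p[1] << 8)); /* little-endian */
    return EVT_OK;
}

int main(void)
{
    const uint8_t bad[] = { 0x04, 0x0E, 0x01, 0x01 }; /* constructed: declares 1 param byte */
    uint16_t op = 0;
    return evt_cmd_opcode(bad, sizeof bad, &op) == EVT_BAD_LEN ? 0 : 1;
}
```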

Added: Jan 10, 2026, 10:18 AM
Updated: Jan 10, 2026, 10:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.0
remediation: 7.7
relevance: 2.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.