CNNVD-202511-2893 Information

CNNVD ID

CNNVD-202511-2893

CVE-2025-9558

  • CNNVD Published: 2025-11-26

Description

Zephyr is a scalable real-time operating system (RTOS) from the open-source Zephyr project. Zephyr contains a security vulnerability: the gen_prov_start function in pb_adv.c copies received data into the link.rx.buf receive buffer without validating the data size, which may result in an out-of-bounds write.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Zephyr

Published

2025-11-26

Last Modified

2026-02-24

References

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8wvr-688x-68vr

https://access.redhat.com/security/cve/cve-2025-9558

Patch

https://github.com/zephyrproject-rtos/zephyr/releases
