Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
02 Sep 2022, 20:09
Type | Values Removed | Values Added |
---|---|---|
First Time |
Linux
Realtek bluetooth Mesh Software Development Kit Google android Linux linux Kernel Realtek |
|
CWE | CWE-120 | |
References | (MISC) https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:o:google:android:-:*:*:*:*:*:*:* cpe:2.3:a:realtek:bluetooth_mesh_software_development_kit:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
30 Aug 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-30 05:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-26529
Mitre link : CVE-2022-26529
CVE.ORG link : CVE-2022-26529
JSON object : View
Products Affected
linux
- linux_kernel
realtek
- bluetooth_mesh_software_development_kit
- android
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')