CVE-2022-25635 MEDIUM

CVE-2022-25635: Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow

Vendor Realtek
Product Linux/Android Bluetooth Mesh SDK
Weakness CWE-120
Published August 30, 2022
Last update September 16, 2024

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability caused by insufficient validation of the length of broadcast network packets. An unauthenticated attacker on an adjacent network can exploit this vulnerability to disrupt service.

Key dates

02 Disclosure timeline

August 30, 2022 CVE published
September 16, 2024 Record updated