CVE-2022-26529 MEDIUM

CVE-2022-26529: Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow

Vendor Realtek
Product Linux/Android Bluetooth Mesh SDK
Weakness CWE-120
Published August 30, 2022
Last update September 17, 2024

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability caused by insufficient validation of the link parameter in segmented packets. An unauthenticated attacker on an adjacent network can exploit this vulnerability to cause a buffer overflow and disrupt service.

Key dates

02 Disclosure timeline

August 30, 2022 CVE published
September 17, 2024 Record updated