oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2025-53470: Apache NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver

From: Szymon Janc <janc () apache org>
Date: Thu, 08 Jan 2026 09:53:43 +0000
Severity: low 

Affected versions:

- Apache NimBLE through 1.8

Description:

Out-of-bounds Read vulnerability in Apache  NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid 
memory read in H4 driver.

This issue affects Apache NimBLE: through 1.8. 

This issue requires a broken or bogus Bluetooth controller and thus severity is considered low.

Users are recommended to upgrade to version 1.9, which fixes the issue.

Credit:

雷重庆 <leicq () seu edu cn> (reporter)

References:

https://github.com/apache/mynewt-nimble/commit/b973df0c6cf7b30efbf8eb2cafdc1ee843464b76
https://mynewt.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-53470
Previous By Date Next
Previous By Thread Next

Current thread: