Commit f84b0f0

ceolin authored and fabiobaltieri committed
doc: security: Disclose CVE-2025-10458
Disclose information about published CVE.

Signed-off-by: Flavio Ceolin <[email protected]>
1 parent 308c8d2 commit f84b0f0

1 file changed

+16
-0
lines changed

doc/security/vulnerabilities.rst

Lines changed: 16 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -1983,3 +1983,19 @@ This has been fixed in main for v4.2.0
19831983

19841984
- `PR 94080 fix for main
19851985
<https://github.com/zephyrproject-rtos/zephyr/pull/94080>`_
1986+
1987+
:cve:`2025-10458`
1988+
-----------------
1989+
1990+
Bluetooth: le_conn_rsp does not sanitize CID, MTU, MPS values
1991+
1992+
Parameters are not validated or sanitized, and are later used in
1993+
various internal operations.
1994+
1995+
- `Zephyr project bug tracker GHSA-vmww-237q-2fwp
1996+
<https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vmww-237q-2fwp>`_
1997+
1998+
This has been fixed in main for v4.2.0
1999+
2000+
- `PR 93174 fix for main
2001+
<https://github.com/zephyrproject-rtos/zephyr/pull/93174>`_
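
Review bot: The description at new lines 1992-1993 ("Parameters are not validated or sanitized, and are later used in various internal operations") does not say what goes wrong when the CID, MTU or MPS values named in the title are out of range, so a reader cannot judge exposure from this entry alone. Suggest stating the consequence as given in the linked advisory GHSA-vmww-237q-2fwp in place of "various internal operations". The entry also lists only the fix in main for v4.2.0; if the fix was backported to maintained release branches, list those PRs here as well, and if not, naming the affected versions would help users on older releases.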
