प्लेटफ़ॉर्म
c
घटक
zephyr
में ठीक किया गया
3.5.1
CVE-2024-1638 is a high-severity vulnerability affecting Zephyr RTOS versions up to 3.5. It stems from an incorrect implementation of Bluetooth Low Energy (BLE) permission handling, specifically concerning LE Secure Connections. This flaw allows unauthorized access to Bluetooth characteristics, potentially leading to data breaches and control compromise. The vulnerability is fixed in version 3.5.1.
The core of the vulnerability lies in the misinterpretation of BLE characteristic permissions. The Zephyr BLE stack incorrectly handles the BTGATTPERMREADLESC and BTGATTPERMWRITELESC flags. While these flags are intended to enforce LE Secure Connections for read and write operations, the stack fails to do so when combined with other permissions like BTGATTPERMREADENCRYPT/BTGATTPERMREADAUTHEN or BTGATTPERMWRITEENCRYPT/BTGATTPERMWRITEAUTHEN. An attacker can exploit this by crafting malicious BLE connections that bypass the intended security measures. This could allow them to read or write sensitive data transmitted over the BLE link without proper encryption or authentication, potentially leading to device compromise and data theft. The blast radius extends to any device utilizing Zephyr's BLE stack in vulnerable configurations.
CVE-2024-1638 was publicly disclosed on February 19, 2024. The vulnerability's impact is amplified by the widespread use of BLE in IoT devices. While no public exploits have been released, the ease of exploitation makes it a potential target for attackers. The CVSS score of 8.2 (HIGH) reflects the potential for significant impact. It is not currently listed on the CISA KEV catalog, but its severity warrants monitoring.
Devices utilizing Zephyr RTOS in Bluetooth Low Energy (BLE) applications are at risk. This includes IoT devices, wearables, and industrial control systems that rely on BLE for communication. Legacy Zephyr deployments and those with custom BLE implementations are particularly vulnerable, as they may not have been updated to address this issue.
• linux / server: Examine Zephyr BLE stack logs for unusual connection attempts or permission errors. Use journalctl -u zephyr to filter for BLE-related messages.
journalctl -u zephyr | grep -i "permission denied"• c: Review Zephyr source code for instances of BTGATTPERMREADLESC and BTGATTPERMWRITELESC to identify potential vulnerable configurations. Use static analysis tools to detect code patterns that violate the intended permission logic.
• generic web: Monitor BLE traffic using tools like Wireshark to identify connections that bypass LE Secure Connections. Look for connections where encryption/authentication is not enforced despite the presence of BTGATTPERMREADLESC or BTGATTPERMWRITELESC.
disclosure
patch
एक्सप्लॉइट स्थिति
EPSS
0.15% (36% शतमक)
CISA SSVC
CVSS वेक्टर
The primary mitigation for CVE-2024-1638 is to upgrade to Zephyr RTOS version 3.5.1 or later, which includes the corrected BLE permission handling. If upgrading is not immediately feasible, consider implementing compensating controls. Carefully review BLE characteristic permissions in your application, ensuring that BTGATTPERMREADENCRYPT/BTGATTPERMREADAUTHEN and BTGATTPERMWRITEENCRYPT/BTGATTPERMWRITEAUTHEN are always set alongside BTGATTPERMREADLESC and BTGATTPERMWRITELESC. Consider implementing a Web Application Firewall (WAF) or proxy to filter BLE traffic and block connections that attempt to bypass security checks. After upgrading, confirm the fix by attempting a BLE connection without the required encryption/authentication permissions and verifying that access is denied.
Actualice Zephyr a una versión posterior a 3.5 que incluya la corrección para esta vulnerabilidad. Asegúrese de aplicar las configuraciones de seguridad recomendadas para las características Bluetooth, incluyendo el uso de BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN o BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN junto con BT_GATT_PERM_READ_LESC y BT_GATT_PERM_WRITE_LESC.
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
CVE-2024-1638 is a high-severity vulnerability in Zephyr RTOS affecting BLE characteristic permission handling. It allows unauthorized access to BLE data if versions are ≤3.5.
If you are using Zephyr RTOS version 3.5 or earlier, you are potentially affected. Upgrade to 3.5.1 to mitigate the risk.
Upgrade to Zephyr RTOS version 3.5.1 or later. Review BLE characteristic permissions and ensure proper encryption/authentication is enforced.
While no public exploits are currently known, the vulnerability's ease of exploitation makes it a potential target for attackers.
Refer to the Zephyr Project security advisory for detailed information and updates: https://security.zephyrproject.org/
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।