CVE-2021-3835

8.2 HIGH

📋 TL;DR

This CVE describes a heap-based buffer overflow vulnerability in the USB device class implementation in Zephyr RTOS. Attackers could exploit this to execute arbitrary code or cause denial of service on affected systems. This affects devices running Zephyr RTOS version 2.6.0 and later.

💻 Affected Systems

Products:
  • Zephyr RTOS
Versions: >= v2.6.0
Operating Systems: Zephyr RTOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using Zephyr's USB device stack. Embedded/IoT devices using Zephyr RTOS are primarily impacted.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case
Remote code execution leading to complete system compromise, potentially allowing attackers to take control of the device.

🟠 Likely Case
Denial of service through system crashes or instability when processing malicious USB data.

🟢 If Mitigated
Limited impact with proper input validation and memory protection mechanisms in place.

🌐 Internet-Facing: MEDIUM - Requires USB device interaction which may be exposed through network-connected USB interfaces.
🏢 Internal Only: HIGH - USB-connected devices in internal networks could be exploited by malicious peripherals or compromised hosts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted USB data to vulnerable devices. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Zephyr v2.7.0 and later

Vendor Advisory: https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf

Restart Required: Yes

Instructions:

1. Update Zephyr RTOS to version 2.7.0 or later.
2. Rebuild and redeploy firmware to affected devices.
3. Test USB functionality after the update.

🔧 Temporary Workarounds

Disable USB device functionality (applies to: all)

Temporarily disable USB device support if it is not required for device operation: modify the device configuration to disable CONFIG_USB_DEVICE_STACK.

Implement input validation (applies to: all)

Add custom validation for USB data packets before processing, and implement bounds checking in USB device class handlers.

🧯 If You Can't Patch

  • Segment network to isolate USB-connected devices from untrusted networks
  • Implement strict USB device whitelisting and monitoring

🔍 How to Verify

Check if Vulnerable:

Check Zephyr version: if >=2.6.0 and <2.7.0, device is vulnerable

Check Version:

Check Zephyr version in build configuration or device firmware

Verify Fix Applied:

Verify Zephyr version is >=2.7.0 and test USB functionality
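As an added example (not part of this advisory or of the Zephyr project), the version and configuration check above as a script: it parses the VERSION file at the root of a Zephyr tree and the generated zephyr/.config of a build, and reports whether the build is in the affected range with the USB device stack enabled or already covered by the CONFIG_USB_DEVICE_STACK workaround. It assumes the standard Zephyr VERSION and Kconfig .config formats; the sample contents are constructed.

```python
import re
from typing import Tuple

# Affected range as stated in the advisory: >= 2.6.0, fixed in 2.7.0
AFFECTED_MIN = (2, 6, 0)
FIXED_IN = (2, 7, 0)

# Lines in the Zephyr VERSION file look like "VERSION_MAJOR = 2"
_FIELD_RE = re.compile(r"^[ \t]*([A-Z_]+)[ \t]*=[ \t]*(\S*)[ \t]*$", re.MULTILINE)


def parse_zephyr_version(version_text: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch) from the VERSION file at a Zephyr tree root.

    VERSION_TWEAK and EXTRAVERSION are ignored; they do not affect the range.
    """
    fields = dict(_FIELD_RE.findall(version_text))
    try:
        return (int(fields["VERSION_MAJOR"]),
                int(fields["VERSION_MINOR"]),
                int(fields["PATCHLEVEL"]))
    except (KeyError, ValueError) as exc:
        raise ValueError("not a Zephyr VERSION file") from exc


def usb_device_stack_enabled(dotconfig_text: str) -> bool:
    """True if the generated Kconfig .config sets CONFIG_USB_DEVICE_STACK=y.

    A disabled symbol appears as '# CONFIG_USB_DEVICE_STACK is not set',
    so only the literal '=y' line counts as enabled.
    """
    return re.search(r"^CONFIG_USB_DEVICE_STACK=y$", dotconfig_text, re.MULTILINE) is not None


def assess(version_text: str, dotconfig_text: str) -> str:
    """Classify a build: vulnerable, covered by the workaround, or out of range."""
    version = parse_zephyr_version(version_text)
    if not (AFFECTED_MIN <= version < FIXED_IN):
        return "not affected"
    if not usb_device_stack_enabled(dotconfig_text):
        return "affected version, USB device stack disabled"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs (not taken from a real tree or build)
    version_2_6 = "VERSION_MAJOR = 2\nVERSION_MINOR = 6\nPATCHLEVEL = 0\nVERSION_TWEAK = 0\nEXTRAVERSION =\n"
    print(assess(version_2_6, "CONFIG_USB_DEVICE_STACK=y\n"))             # vulnerable
    print(assess(version_2_6, "# CONFIG_USB_DEVICE_STACK is not set\n"))  # affected version, USB device stack disabled
```

On a real build, read the two files with `Path(zephyr_base, "VERSION")` and `Path(build_dir, "zephyr", ".config")` and pass their contents to `assess`.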

📡 Detection & Monitoring

Log Indicators:

  • USB error messages
  • System crashes during USB operations
  • Memory corruption warnings

Network Indicators:

  • Unusual USB traffic patterns
  • Unexpected USB device enumeration

SIEM Query:

Search for USB-related error codes or system crashes in device logs

🔗 References
