CVE-2022-24893

7.5 HIGH

📋 TL;DR

A memory corruption vulnerability in ESP-IDF's Bluetooth Mesh SDK allows attackers to trigger memory corruption during device provisioning by manipulating the SegN field in Transaction Start PDUs. This affects all users of the ESP-BLE-MESH component in ESP-IDF and can potentially lead to remote code execution and full system compromise.

💻 Affected Systems

Products:
  • ESP-IDF with ESP-BLE-MESH component
Versions: All versions before patches in branches 4.1, 4.2, 4.3, 4.4
Operating Systems: ESP-IDF (Espressif IoT Development Framework)
Default Config Vulnerable: ⚠️ Yes
Notes: All applications using ESP-BLE-MESH for Bluetooth mesh networking are vulnerable during the provisioning phase.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains full control of the device, executes arbitrary code, and potentially compromises the entire Bluetooth mesh network.

🟠 Likely Case

Memory corruption leading to device crashes, denial of service, or limited code execution within the Bluetooth mesh stack context.

🟢 If Mitigated

With proper network segmentation and Bluetooth security controls, impact is limited to isolated mesh segments.

🌐 Internet-Facing: MEDIUM - Requires Bluetooth proximity or network access to Bluetooth mesh, not directly internet-exposed.
🏢 Internal Only: HIGH - Bluetooth mesh networks often deployed in internal IoT/industrial environments where exploitation could disrupt critical operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires Bluetooth mesh network access during provisioning, but no authentication is needed for the vulnerable packet processing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in ESP-IDF branches 4.1, 4.2, 4.3, 4.4

Vendor Advisory: https://github.com/espressif/esp-idf/security/advisories/GHSA-7f7f-jj2q-28wm

Restart Required: Yes

Instructions:

1. Update ESP-IDF to the latest patched version from the official repository.
2. Rebuild and flash firmware to all affected devices.
3. Verify the new firmware is running on all mesh nodes.

🔧 Temporary Workarounds

No workaround available

Vendor states no application-layer workaround exists. Must patch firmware.

🧯 If You Can't Patch

  • Isolate Bluetooth mesh network from other critical networks
  • Disable provisioning of new devices until patching possible

🔍 How to Verify

Check if Vulnerable:

Check the ESP-IDF version and the ESP-BLE-MESH component version. If you are running an unpatched version, i.e. one predating the fixes in branches 4.1 through 4.4, the system is vulnerable.

Check Version:

Check the ESP-IDF version in sdkconfig or via idf.py --version.

Verify Fix Applied:

Verify that the ESP-IDF version in use includes the commits referenced in the security advisory, then test provisioning functionality.

📡 Detection & Monitoring

Log Indicators:

  • Bluetooth mesh provisioning failures
  • Memory corruption errors in ESP32 logs
  • Device crashes during provisioning

Network Indicators:

  • Unusual Bluetooth mesh provisioning traffic
  • Malformed Transaction Start PDUs with manipulated SegN field

SIEM Query:

Bluetooth mesh provisioning events with error codes or device reboot patterns
