CVE-2023-5055

8.3 HIGH

📋 TL;DR

CVE-2023-5055 is a stack-based buffer overflow in the le_ecred_reconf_req function of the Zephyr RTOS Bluetooth LE stack. It allows attackers to execute arbitrary code or cause a denial of service by sending specially crafted Bluetooth packets. It affects devices running vulnerable Zephyr RTOS versions with Bluetooth LE functionality enabled.

💻 Affected Systems

Products:
  • Zephyr RTOS
Versions: Versions before v3.4.0
Operating Systems: Zephyr RTOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Bluetooth LE functionality enabled and using the vulnerable function

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, data exfiltration, or device bricking

🟠 Likely Case

Denial of service causing Bluetooth functionality disruption or device crashes

🟢 If Mitigated

Limited impact if the Bluetooth stack is isolated or the device has memory protection features

🌐 Internet-Facing: MEDIUM - Requires Bluetooth proximity or network access to Bluetooth stack
🏢 Internal Only: MEDIUM - Attackers need Bluetooth access to vulnerable devices

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires Bluetooth access to target device and knowledge of vulnerable function usage

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.4.0 and later

Vendor Advisory: https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wr8r-7f8x-24jj

Restart Required: Yes

Instructions:

1. Update Zephyr RTOS to version 3.4.0 or later.
2. Rebuild and redeploy firmware.
3. Restart affected devices.

🔧 Temporary Workarounds

Disable Bluetooth LE Enhanced Connection feature (platform: all)

Disable the vulnerable Bluetooth LE Enhanced Connection functionality by setting CONFIG_BT_ECRED=n in the project configuration.

Implement Bluetooth access controls (platform: all)

Restrict Bluetooth connections to trusted devices only.

🧯 If You Can't Patch

  • Segment Bluetooth network from critical systems
  • Implement device-level firewall rules to restrict Bluetooth connections

🔍 How to Verify

Check if Vulnerable:

Check Zephyr version and CONFIG_BT_ECRED setting in project configuration

Check Version:

Check Zephyr version in build configuration or device firmware info

Verify Fix Applied:

Verify Zephyr version is 3.4.0+ and check for successful firmware update
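The two checks above (Zephyr version and the ECRED configuration option) can be scripted against a Zephyr source tree's VERSION file and a build's .config. This is an added example, not code from the advisory or the Zephyr project; the VERSION and .config contents are constructed samples, and the Kconfig symbol name CONFIG_BT_ECRED is taken from the advisory text and should be confirmed against the project tree in use.

```python
# Added example: classify a Zephyr build against CVE-2023-5055 using the
# conditions the advisory lists (version >= 3.4.0, or ECRED option disabled).
import re

FIXED = (3, 4, 0)  # first release the advisory names as patched
SYMBOL = "CONFIG_BT_ECRED"  # symbol name as given in the advisory (assumption)

def parse_zephyr_version(text: str) -> tuple:
    """Parse VERSION_MAJOR / VERSION_MINOR / PATCHLEVEL from a Zephyr VERSION file.
    Pre-release tags (EXTRAVERSION) are ignored; a release candidate of 3.4.0
    is treated the same as 3.4.0 here."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]+)\s*=\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return (int(fields["VERSION_MAJOR"]),
            int(fields["VERSION_MINOR"]),
            int(fields["PATCHLEVEL"]))

def kconfig_enabled(config_text: str, symbol: str) -> bool:
    """True only if 'SYMBOL=y' (or =m) appears in a Kconfig .config.
    Both 'SYMBOL=n' and '# SYMBOL is not set' count as disabled."""
    pattern = re.compile(rf"^{re.escape(symbol)}=(y|m)\s*$", re.MULTILINE)
    return pattern.search(config_text) is not None

def assess(version_text: str, config_text: str, symbol: str = SYMBOL) -> str:
    """Return 'patched', 'not exposed (feature disabled)' or 'vulnerable'."""
    if parse_zephyr_version(version_text) >= FIXED:
        return "patched"
    if not kconfig_enabled(config_text, symbol):
        return "not exposed (feature disabled)"
    return "vulnerable"

# Constructed sample inputs (not taken from any real device).
SAMPLE_VERSION_OLD = "VERSION_MAJOR = 3\nVERSION_MINOR = 3\nPATCHLEVEL = 0\nVERSION_TWEAK = 0\nEXTRAVERSION =\n"
SAMPLE_VERSION_FIXED = "VERSION_MAJOR = 3\nVERSION_MINOR = 4\nPATCHLEVEL = 0\nVERSION_TWEAK = 0\nEXTRAVERSION =\n"
SAMPLE_CONFIG_ON = "CONFIG_BT=y\nCONFIG_BT_ECRED=y\n"
SAMPLE_CONFIG_OFF = "CONFIG_BT=y\n# CONFIG_BT_ECRED is not set\n"

if __name__ == "__main__":
    for name, ver, cfg in [("old+ecred", SAMPLE_VERSION_OLD, SAMPLE_CONFIG_ON),
                           ("old-ecred", SAMPLE_VERSION_OLD, SAMPLE_CONFIG_OFF),
                           ("fixed", SAMPLE_VERSION_FIXED, SAMPLE_CONFIG_ON)]:
        print(f"{name}: {assess(ver, cfg)}")
```

To run it against a real build, read the VERSION file from the Zephyr tree root and the .config from the build directory and pass their contents to assess().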

📡 Detection & Monitoring

Log Indicators:

  • Bluetooth stack crashes
  • Memory corruption errors
  • Unexpected device reboots

Network Indicators:

  • Unusual Bluetooth connection attempts
  • Malformed Bluetooth packets

SIEM Query:

Search for Bluetooth stack error codes or device crash events related to le_ecred_reconf_req
