CVE-2024-4785

7.6 HIGH

📋 TL;DR

This vulnerability in the Zephyr RTOS Bluetooth stack allows attackers to crash devices via a division-by-zero error when processing malicious LL_CONNECTION_UPDATE_IND packets. It affects Bluetooth Low Energy (BLE) implementations using vulnerable Zephyr versions, potentially impacting IoT devices, wearables, and embedded systems.

💻 Affected Systems

Products:
  • Zephyr RTOS Bluetooth stack
Versions: Zephyr RTOS versions before the fix (specific version range not specified in advisory)
Operating Systems: Zephyr RTOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using Zephyr's Bluetooth Low Energy (BLE) controller implementation. The vulnerability is in the handling of LL_CONNECTION_UPDATE_IND packets.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device crash and denial of service, potentially requiring physical reset or causing system instability in critical embedded systems.

🟠

Likely Case

Bluetooth stack crash leading to temporary loss of BLE connectivity until system restart or stack recovery.

🟢

If Mitigated

Minimal impact with proper input validation and error handling preventing the crash.

🌐 Internet-Facing: MEDIUM - Requires proximity for Bluetooth exploitation but could affect internet-connected devices with BLE interfaces.
🏢 Internal Only: MEDIUM - Internal devices with BLE could be affected by nearby malicious actors.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted BLE packets to vulnerable devices within Bluetooth range. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Zephyr RTOS main branch (commit referenced in advisory)

Vendor Advisory: https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xcr5-5g98-mchp

Restart Required: Yes

Instructions:

1. Update Zephyr RTOS to the latest version that includes the fix.
2. Rebuild and redeploy firmware to affected devices.
3. Restart devices to apply the updated firmware.

🔧 Temporary Workarounds

Disable BLE if not needed

Platform: all

Temporarily disable Bluetooth Low Energy functionality to prevent exploitation.

# Configure device to disable BLE in firmware/configuration

Implement input validation

Platform: all

Add validation for LL_CONNECTION_UPDATE_IND packet fields before processing.

// In Bluetooth stack code, validate divisor != 0 before division operation

🧯 If You Can't Patch

  • Segment network to isolate vulnerable BLE devices from potential attackers
  • Implement physical security controls to limit Bluetooth proximity access

🔍 How to Verify

Check if Vulnerable:

Check Zephyr version and verify if Bluetooth stack includes the vulnerable LL_CONNECTION_UPDATE_IND handling code

Check Version:

Check Zephyr version in build configuration or via device firmware version command

Verify Fix Applied:

Verify the fix commit is included in your Zephyr build and test BLE connectivity with malformed packets

📡 Detection & Monitoring

Log Indicators:

  • Bluetooth stack crash logs
  • Division by zero errors in system logs
  • BLE connection failures

Network Indicators:

  • Unusual LL_CONNECTION_UPDATE_IND packets
  • Multiple BLE connection attempts with malformed packets

SIEM Query:

Search for 'division by zero' OR 'bluetooth crash' OR 'BLE stack error' in device logs
