CVE-2024-48984
📋 TL;DR
This vulnerability in MBed OS 6.16.0 allows a buffer overflow when parsing Bluetooth Low Energy (BLE) advertising reports. Attackers could potentially execute arbitrary code or cause denial of service on affected IoT devices. Any device running the vulnerable MBed OS version with BLE functionality enabled is affected.
💻 Affected Systems
- MBed OS
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete device compromise, data exfiltration, or device bricking.
Likely Case
Denial of service causing device crashes or instability in BLE functionality.
If Mitigated
Limited impact if BLE is disabled or devices are behind network segmentation.
🎯 Exploit Status
Exploitation requires sending specially crafted BLE advertising reports to the target device.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in MBed OS versions after 6.16.0 via pull request #387
Vendor Advisory: https://github.com/mbed-ce/mbed-os/pull/387
Restart Required: Yes
Instructions:
1. Update MBed OS to a version after 6.16.0
2. Apply the fix from GitHub pull request #387
3. Recompile and redeploy firmware
4. Restart affected devices
🔧 Temporary Workarounds
Disable BLE functionality
Temporarily disable Bluetooth Low Energy features if not required
# Configuration depends on specific MBed OS implementation
# Typically involves modifying mbed_app.json or build flags to disable BLE
🧯 If You Can't Patch
- Implement network segmentation to isolate BLE devices from untrusted networks
- Deploy intrusion detection systems to monitor for abnormal BLE traffic patterns
🔍 How to Verify
Check if Vulnerable:
Check if MBed OS version is 6.16.0 and BLE is enabled. Review source code for the vulnerable hciEvtProcessLeExtAdvReport function.
Check Version:
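# mbed-os.lib pins the MBed OS repository URL and revision, not a version string
cat mbed-os.lib
# The release version is defined by the MBED_*_VERSION macros in mbed_version.h
grep -rE "define MBED_(MAJOR|MINOR|PATCH)_VERSION" mbed-os/platform/
# Note: this reports the MBed CLI version, not the OS version
mbed --version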
Verify Fix Applied:
Verify the fix from pull request #387 is applied in your MBed OS source code. Check that bounds validation is implemented in the HCI parsing functions.
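As an added illustration (not MBed OS code and not the change made in pull request #387), the C example below shows the kind of bounds validation to look for when reviewing an LE Extended Advertising Report parser: every length taken from the event is checked against both the bytes actually received and the destination buffer before any copy. The names `parse_ext_adv_reports` and `build_sample_event` are hypothetical, and the 24-byte fixed per-report layout is an assumption taken from the Bluetooth Core Specification's definition of this event.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT_ADV_HDR_LEN 24u      /* fixed per-report fields up to Data_Length */
#define EXT_ADV_LEN_OFF 23u      /* offset of Data_Length within a report */

/* Hypothetical helper, not an MBed OS function. `evt` holds the event
 * parameters from Num_Reports onward. Copies each report's data into `dst`
 * and returns the number of reports, or -1 on any inconsistent length. */
int parse_ext_adv_reports(const uint8_t *evt, size_t evt_len,
                          uint8_t *dst, size_t dst_cap)
{
    if (evt == NULL || dst == NULL || evt_len < 1) return -1;
    size_t off = 1;                              /* skip Num_Reports */
    int accepted = 0;
    for (uint8_t i = 0; i < evt[0]; i++) {
        if (evt_len - off < EXT_ADV_HDR_LEN) return -1;   /* truncated header */
        uint8_t data_len = evt[off + EXT_ADV_LEN_OFF];
        off += EXT_ADV_HDR_LEN;
        if (data_len > evt_len - off) return -1; /* claims more than received */
        if (data_len > dst_cap) return -1;       /* larger than destination */
        memcpy(dst, evt + off, data_len);
        off += data_len;
        accepted++;
    }
    return accepted;
}

/* Constructed sample: one report whose Data_Length field says `claimed`
 * while `actual` data bytes follow. Returns the event length. */
size_t build_sample_event(uint8_t *buf, uint8_t claimed, uint8_t actual)
{
    memset(buf, 0, 1 + EXT_ADV_HDR_LEN + actual);
    buf[0] = 1;                                  /* Num_Reports */
    buf[1 + EXT_ADV_LEN_OFF] = claimed;
    memset(buf + 1 + EXT_ADV_HDR_LEN, 0xAB, actual);
    return 1u + EXT_ADV_HDR_LEN + actual;
}

int main(void)
{
    uint8_t evt[1 + EXT_ADV_HDR_LEN + 255], dst[31];
    size_t n = build_sample_event(evt, 8, 8);
    printf("consistent: %d\n", parse_ext_adv_reports(evt, n, dst, sizeof dst));
    n = build_sample_event(evt, 200, 8);
    printf("oversized:  %d\n", parse_ext_adv_reports(evt, n, dst, sizeof dst));
    return 0;
}
```

When reviewing a patched tree, look for the equivalent of both rejections in the HCI event path: a length that exceeds the remaining event bytes and a length that exceeds the buffer it is copied into.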
📡 Detection & Monitoring
Log Indicators:
- Multiple BLE connection attempts
- Device crashes or reboots after BLE events
- Memory corruption errors in system logs
Network Indicators:
- Unusual BLE advertising packet patterns
- Excessive BLE report parsing errors
SIEM Query:
device_logs WHERE source="ble_stack" AND (event="buffer_overflow" OR event="memory_corruption")