CVE-2024-8798

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to cause a heap-based buffer overflow in Zephyr RTOS Bluetooth Object Transfer Service (OTS) client by sending malformed data. It affects devices running vulnerable Zephyr versions with Bluetooth OTS client enabled. Successful exploitation could lead to denial of service or arbitrary code execution.

💻 Affected Systems

Products:
  • Zephyr RTOS
Versions: All versions before v3.7.0
Operating Systems: Zephyr RTOS
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when CONFIG_BT_OTS_CLIENT is enabled. Many IoT devices using Zephyr may have this disabled by default.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, data exfiltration, or persistent backdoor installation.

🟠 Likely Case: Denial of service causing Bluetooth service crashes or device instability.

🟢 If Mitigated: No impact if input validation is properly implemented or the vulnerable component is disabled.

🌐 Internet-Facing: MEDIUM - Requires Bluetooth proximity but could be exploited via internet-connected Bluetooth gateways.
🏢 Internal Only: HIGH - Bluetooth range allows attackers within physical proximity to exploit without network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires Bluetooth access and knowledge of OTS protocol. No public exploits known as of advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.7.0 and later

Vendor Advisory: https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-r7pm-f93f-f7fp

Restart Required: Yes

Instructions:

1. Update Zephyr RTOS to v3.7.0 or later.
2. Rebuild firmware with updated Zephyr source.
3. Flash updated firmware to affected devices.
4. Verify Bluetooth OTS client functionality.

🔧 Temporary Workarounds

Disable OTS Client (platform: all)

Disable the vulnerable Bluetooth Object Transfer Service client component: set CONFIG_BT_OTS_CLIENT=n in the project configuration and rebuild the firmware. Devices that do not need the OTS client lose no functionality.

🧯 If You Can't Patch

  • Implement network segmentation to isolate Bluetooth-enabled devices from critical networks.
  • Deploy Bluetooth intrusion detection systems to monitor for anomalous OTS protocol traffic.

🔍 How to Verify

Check if Vulnerable:

Check if CONFIG_BT_OTS_CLIENT=y and Zephyr version < 3.7.0 in build configuration.

Check Version:

grep -r "ZEPHYR_VERSION" build/zephyr/include/generated/version.h

Verify Fix Applied:

Verify Zephyr version >= 3.7.0 and check that olcp_ind_handler includes proper length validation in ots_client.c.
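As an added check (not part of this advisory), the following POSIX shell script applies the two conditions above to a Zephyr build tree: it reads KERNEL_VERSION_MAJOR, KERNEL_VERSION_MINOR and KERNEL_PATCHLEVEL from the generated version.h and CONFIG_BT_OTS_CLIENT from the generated .config, comparing the version numerically so that, for example, 3.10.0 is correctly treated as fixed. The file locations are assumed to be the standard Zephyr build outputs, and the sample build trees it runs against are constructed inline.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify a Zephyr build tree for
# CVE-2024-8798 from its generated files. Assumes the standard Zephyr outputs
# build/zephyr/include/generated/version.h (KERNEL_VERSION_MAJOR/MINOR,
# KERNEL_PATCHLEVEL) and build/zephyr/.config (Kconfig symbols).

# Print one "#define NAME <int>" value from version.h; 0 if absent.
version_field() {
    v=$(sed -n "s/^#define $2[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | head -n 1)
    echo "${v:-0}"
}

# Exit status 0 = affected (version < 3.7.0 AND CONFIG_BT_OTS_CLIENT=y),
# 1 = not affected.  $1 = path to version.h, $2 = path to .config
cve_2024_8798_affected() {
    major=$(version_field "$1" KERNEL_VERSION_MAJOR)
    minor=$(version_field "$1" KERNEL_VERSION_MINOR)
    patch=$(version_field "$1" KERNEL_PATCHLEVEL)
    # Pack into one integer so the three-part compare is numeric
    # (a string compare would wrongly sort 3.10.0 before 3.7.0).
    code=$(( major * 65536 + minor * 256 + patch ))
    fixed=$(( 3 * 65536 + 7 * 256 + 0 ))
    if [ "$code" -ge "$fixed" ]; then
        return 1
    fi
    # Kconfig writes disabled symbols as "# CONFIG_X is not set", so only an
    # exact "=y" line means the OTS client is compiled in.
    grep -q '^CONFIG_BT_OTS_CLIENT=y$' "$2"
}

# Constructed sample build tree for a self-contained run.
# $1.$2.$3 = version, $4 = y or n for CONFIG_BT_OTS_CLIENT. Prints the dir.
sample_build_tree() {
    d=$(mktemp -d)
    printf '#define KERNEL_VERSION_MAJOR %s\n#define KERNEL_VERSION_MINOR %s\n#define KERNEL_PATCHLEVEL %s\n' "$1" "$2" "$3" > "$d/version.h"
    if [ "$4" = y ]; then
        printf 'CONFIG_BT=y\nCONFIG_BT_OTS_CLIENT=y\n' > "$d/.config"
    else
        printf 'CONFIG_BT=y\n# CONFIG_BT_OTS_CLIENT is not set\n' > "$d/.config"
    fi
    echo "$d"
}

for spec in "3 6 0 y" "3 7 0 y" "3 6 0 n" "3 10 0 y"; do
    set -- $spec
    d=$(sample_build_tree "$1" "$2" "$3" "$4")
    if cve_2024_8798_affected "$d/version.h" "$d/.config"; then
        echo "Zephyr $1.$2.$3 OTS_CLIENT=$4: AFFECTED (update to v3.7.0+ or set CONFIG_BT_OTS_CLIENT=n)"
    else
        echo "Zephyr $1.$2.$3 OTS_CLIENT=$4: not affected"
    fi
    rm -rf "$d"
done
```

Point the two paths at a real build directory (build/zephyr/include/generated/version.h and build/zephyr/.config) to check your own firmware; the script only reads the files.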

📡 Detection & Monitoring

Log Indicators:

  • Bluetooth stack crashes
  • OTS client error messages
  • Memory corruption warnings in system logs

Network Indicators:

  • Abnormal Bluetooth OTS packet sizes
  • Repeated OTS connection attempts with malformed data

SIEM Query:

source="bluetooth_logs" AND (event="stack_crash" OR message="*ots*" OR message="*buffer*overflow*")
