.. _vulnerabilities_2022: CVE-2022 ######## :cve:`2022-0553` ---------------- Possible to retrieve unencrypted firmware image This has been fixed in main for v3.0.0 - `Zephyr project bug tracker GHSA-wrj2-9vj9-rrcp `_ - `PR 42424 fix for main `_ :cve:`2022-1041` ---------------- Out-of-bound write vulnerability in the Bluetooth Mesh core stack can be triggered during provisioning This has been fixed in main for v3.1.0 - `Zephyr project bug tracker GHSA-p449-9hv9-pj38 `_ - `PR 45136 fix for main `_ - `PR 45188 fix for v3.0.0 `_ - `PR 45187 fix for v2.7.0 `_ :cve:`2022-1042` ---------------- Out-of-bound write vulnerability in the Bluetooth Mesh core stack can be triggered during provisioning This has been fixed in main for v3.1.0 - `Zephyr project bug tracker GHSA-j7v7-w73r-mm5x `_ - `PR 45066 fix for main `_ - `PR 45135 fix for v3.0.0 `_ - `PR 45134 fix for v2.7.0 `_ :cve:`2022-1841` ---------------- Out-of-Bound Write in tcp_flags This has been fixed in main for v3.1.0 - `Zephyr project bug tracker GHSA-5c3j-p8cr-2pgh `_ - `PR 45796 fix for main `_ :cve:`2022-2741` ---------------- can: denial-of-service can be triggered by a crafted CAN frame This has been fixed in main for v3.2.0 - `Zephyr project bug tracker GHSA-hx5v-j59q-c3j8 `_ - `PR 47903 fix for main `_ - `PR 47957 fix for v3.1.0 `_ - `PR 47958 fix for v3.0.0 `_ - `PR 47959 fix for v2.7.0 `_ :cve:`2022-2993` ---------------- bt: host: Wrong key validation check This has been fixed in main for v3.2.0 - `Zephyr project bug tracker GHSA-3286-jgjx-8cvr `_ - `PR 48733 fix for main `_ :cve:`2022-3806` ---------------- DoS: Invalid Initialization in le_read_buffer_size_complete() - `Zephyr project bug tracker GHSA-w525-fm68-ppq3 `_