Description
An integer overflow condition exists in the Bluetooth Host stack, within the bt_br_acl_recv routine, a critical path for processing inbound BR/EDR L2CAP traffic.
Scores
CVSS v3: 6.5
EPSS: 0.0004
EPSS Percentile: 12.5%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-190
Status: published
Products (1): zephyrproject-rtos/Zephyr < 4.2
Published: Dec 15, 2025
Tracked Since: Feb 18, 2026