CVE-2022-25635 — MEDIUM (6.5)

Q: How severe is CVE-2022-25635?

CVE-2022-25635 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-25635?

Check the references section above for vendor advisories and patch information. Affected products include: Realtek Bluetooth Mesh Software Development Kit, Google Android, Linux Linux Kernel.

Vulnerability Description

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Realtek	Bluetooth Mesh Software Development Kit	<= 4.17-4.17-20220127
Google	Android	-
Linux	Linux Kernel	-

Related Weaknesses (CWE)

CWE-120

References

https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.htmlThird Party AdvisoryVDB Entry
https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.htmlThird Party AdvisoryVDB Entry

FAQ

What is CVE-2022-25635?

CVE-2022-25635 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can...

How severe is CVE-2022-25635?

CVE-2022-25635 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-25635?

Check the references section above for vendor advisories and patch information. Affected products include: Realtek Bluetooth Mesh Software Development Kit, Google Android, Linux Linux Kernel.