Vulnerability Description
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Realtek | Bluetooth Mesh Software Development Kit | <= 4.17-4.17-20220127 |
| Android | - | |
| Linux | Linux Kernel | - |
Related Weaknesses (CWE)
References
- https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.htmlThird Party AdvisoryVDB Entry
- https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.htmlThird Party AdvisoryVDB Entry
FAQ
What is CVE-2022-26528?
CVE-2022-26528 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adj...
How severe is CVE-2022-26528?
CVE-2022-26528 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-26528?
Check the references section above for vendor advisories and patch information. Affected products include: Realtek Bluetooth Mesh Software Development Kit, Google Android, Linux Linux Kernel.