CVE-2026-10651

Zephyr Project · Zephyr RTOS

A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in the Zephyr RTOS SDP parser, potentially causing a denial-of-service.

Executive summary

A high-severity vulnerability (CVSS 7.1) in the Zephyr RTOS Bluetooth stack allows unauthenticated attackers to trigger a system assertion, resulting in a potential denial-of-service.

Vulnerability

This vulnerability involves a reachable assertion within the Bluetooth Classic Service Discovery Protocol (SDP) parser. An unauthenticated remote attacker can trigger this condition by sending a specially crafted SDP attribute, causing the affected device to crash.

Business impact

The exploitation of this flaw leads to a denial-of-service, which can render embedded devices running Zephyr RTOS unresponsive. Given the CVSS score of 7.1, this is a High-severity risk, particularly for critical infrastructure or medical devices that rely on constant availability. Unplanned downtime in these environments could lead to significant operational disruption and safety risks.

Remediation

Immediate Action: Update the Zephyr RTOS codebase to the version specified in the official vendor advisory to incorporate the necessary assertion handling patches.

Proactive Monitoring: Monitor Bluetooth traffic logs for malformed or unexpected SDP attribute packets that deviate from standard protocol specifications.

Compensating Controls: Implement strict Bluetooth perimeter security, such as disabling Bluetooth functionality when not required or restricting pairing to trusted devices only.
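For the Proactive Monitoring item above, the following added example (not Zephyr code and not taken from the vendor advisory) checks an SDP attribute value from a capture for structural violations of the data element encoding defined in the Bluetooth Core Specification. The function names, the `MAX_DEPTH` limit and the sample bytes are assumptions made for this sketch; it flags generic malformations and does not encode the specific condition behind this CVE, which the page does not describe.

```python
# Allowed size-index values per type descriptor (SDP data element header).
VALID_SIZE_IDX = {
    0: {0}, 1: {0, 1, 2, 3, 4}, 2: {0, 1, 2, 3, 4},  # nil, uint, sint
    3: {1, 2, 4}, 4: {5, 6, 7}, 5: {0},              # UUID, text, bool
    6: {5, 6, 7}, 7: {5, 6, 7}, 8: {5, 6, 7},        # sequence, alternative, URL
}
MAX_DEPTH = 8  # assumption: nesting limit chosen for this checker


def check_element(buf, off=0, depth=0):
    """Validate one data element at buf[off:]; return (next_offset, findings)."""
    if depth > MAX_DEPTH:
        return len(buf), [f"offset {off}: nesting deeper than {MAX_DEPTH}"]
    if off >= len(buf):
        return len(buf), [f"offset {off}: missing element header"]
    dtype, sidx = buf[off] >> 3, buf[off] & 0x07
    if sidx not in VALID_SIZE_IDX.get(dtype, ()):
        return len(buf), [f"offset {off}: type {dtype} with size index {sidx} is not valid"]
    pos = off + 1
    if sidx >= 5:  # length carried in the next 1, 2 or 4 bytes
        width = 1 << (sidx - 5)
        if pos + width > len(buf):
            return len(buf), [f"offset {off}: truncated length field"]
        size = int.from_bytes(buf[pos:pos + width], "big")
        pos += width
    else:  # fixed size: 1, 2, 4, 8 or 16 bytes (nil carries none)
        size = 0 if dtype == 0 else 1 << sidx
    end = pos + size
    if end > len(buf):
        return len(buf), [f"offset {off}: declares {size} bytes, {len(buf) - pos} present"]
    findings = []
    if dtype in (6, 7):  # containers: children must fit inside the parent
        while pos < end and not findings:
            pos, findings = check_element(buf[:end], pos, depth + 1)
    return end, findings


def check_attribute_value(buf):
    """Return a list of structural findings for one SDP attribute value."""
    end, findings = check_element(buf)
    if not findings and end != len(buf):
        findings.append(f"offset {end}: {len(buf) - end} trailing bytes")
    return findings


# Constructed samples: a well-formed protocol descriptor list and a cut-off copy.
GOOD = bytes.fromhex("350c350319010035051900030801")
TRUNCATED = bytes.fromhex("350c3503190100")
```

Run it over attribute values extracted from captured SDP PDUs; a non-empty result marks traffic that deviates from the encoding rules and is worth inspecting.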

Exploitation status

Public Exploit Available: false

Analyst recommendation

The reliance on the Bluetooth stack in embedded systems makes this flaw a significant concern for device stability. Administrators must prioritize applying vendor-supplied updates to the RTOS image to mitigate the risk of remote service disruption caused by malformed protocol packets.