CVE-2026-10658
Zephyr Project · Zephyr RTOS
A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data, leading to potential memory corruption or system crashes.
Executive summary
A high-severity vulnerability exists in the Zephyr RTOS Bluetooth Host stack where missing length validation allows unauthenticated attackers to trigger a crash via malformed ISO data.
Vulnerability
The flaw resides in the Bluetooth Host ISO receive path, where the system fails to perform adequate length validation on incoming Host Controller Interface (HCI) ISO data. An unauthenticated attacker can exploit this by sending malformed packets, potentially resulting in memory corruption or a system-wide assertion failure.
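The following C example is added here to illustrate the class of check involved; it is not Zephyr's code and not the vendor patch. It validates an HCI ISO Data packet against the layout defined in the Bluetooth Core Specification before any field is used. `iso_parse`, `struct iso_frag`, the error codes and the sample packets are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
/* HCI ISO Data packet, little-endian, per the Bluetooth Core Specification:
 *   [0..1] handle(12) | PB(2) | TS(1) | RFU(1)
 *   [2..3] data load length(14) | RFU(2)
 *   load:  on first (PB=0) / complete (PB=2) fragments only:
 *          [timestamp(4) if TS] seq(2) sdu_len(12)|RFU(2)|status(2), then SDU bytes */
enum iso_rc { ISO_OK, ISO_ERR_SHORT_HDR, ISO_ERR_LEN_MISMATCH,
              ISO_ERR_SHORT_LOAD, ISO_ERR_SDU_LEN };
struct iso_frag {               /* hypothetical result type for this example */
    uint16_t handle, sdu_len;   /* sdu_len is 0 on continuation/last fragments */
    uint8_t pb;
    const uint8_t *payload;
    size_t payload_len;
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
/* Hypothetical validator: every length is checked before the bytes it covers are read. */
enum iso_rc iso_parse(const uint8_t *buf, size_t len, struct iso_frag *out)
{
    if (len < 4) return ISO_ERR_SHORT_HDR;
    uint16_t w0 = le16(buf);
    size_t load_len = le16(buf + 2) & 0x3FFF;
    if (load_len != len - 4) return ISO_ERR_LEN_MISMATCH;   /* declared vs. received */

    out->handle = w0 & 0x0FFF;
    out->pb = (w0 >> 12) & 0x3;
    int first = (out->pb == 0 || out->pb == 2);
    int ts = first && ((w0 >> 14) & 0x1);
    size_t need = (ts ? 4 : 0) + (first ? 4 : 0);
    if (load_len < need) return ISO_ERR_SHORT_LOAD;         /* optional headers must fit */

    const uint8_t *p = buf + 4 + (ts ? 4 : 0);
    out->sdu_len = first ? (le16(p + 2) & 0x0FFF) : 0;
    out->payload = buf + 4 + need;
    out->payload_len = load_len - need;
    /* Example policy: complete SDU carries exactly sdu_len bytes, first fragment at most that. */
    if (out->pb == 2 && out->payload_len != out->sdu_len) return ISO_ERR_SDU_LEN;
    if (out->pb == 0 && out->payload_len > out->sdu_len) return ISO_ERR_SDU_LEN;
    return ISO_OK;
}

/* Constructed sample packets (not captured traffic). */
const uint8_t PKT_OK[]      = {0x01,0x20, 0x07,0x00, 0x00,0x00, 0x03,0x00, 0xAA,0xBB,0xCC};
const uint8_t PKT_TRUNC[]   = {0x01,0x20, 0x07,0x00, 0x00,0x00};
const uint8_t PKT_NO_HDR[]  = {0x01,0x60, 0x02,0x00, 0x00,0x00};
const uint8_t PKT_BAD_SDU[] = {0x01,0x20, 0x05,0x00, 0x00,0x00, 0xFF,0x0F, 0xAA};

int main(void) { struct iso_frag f; return iso_parse(PKT_OK, sizeof PKT_OK, &f) != ISO_OK; }
```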
Business impact
With a CVSS score of 7.1, this vulnerability presents a substantial risk to systems utilizing Zephyr RTOS for Bluetooth communication. Successful exploitation results in system instability or denial-of-service, which could compromise the reliability of connected embedded hardware. Impact includes potential service outages and the need for manual device resets.
Remediation
Immediate Action: Apply the vendor-provided patch or upgrade to the latest stable release of Zephyr RTOS that includes the required input validation logic.
Proactive Monitoring: Review system logs for unexpected crashes or error messages related to the Bluetooth Host Controller Interface during data reception.
Compensating Controls: Use a hardware-based Bluetooth controller or firewall to sanitize or drop malformed HCI traffic before it reaches the host software stack.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given that this vulnerability affects the core Bluetooth Host communication path, it is imperative that organizations using Zephyr RTOS verify their current version and deploy the latest security updates. Patching is the only effective way to ensure the integrity of the data receive path and prevent exploitation.