Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from Vendor (zephyrproject) · only source for this CVE.
CVSS VectorVendor: zephyrproject
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Zephyr sockets created with IPPROTO_TLS_1_3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS (e.g. via mbedtls_ssl_conf_min_tls_version). The ClientHello advertises both versions and the peer can establish TLS 1.2, so applications that assumed IPPROTO_TLS_1_3 enforces TLS 1.3 may silently use TLS 1.2 and remain exposed to TLS 1.2-specific weaknesses. As a workaround, the TLS_CIPHERSUITE_LIST socket option can be restricted to TLS 1.3-only cipher suites.
AnalysisAI
Zephyr RTOS sockets created with IPPROTO_TLS_1_3 can negotiate TLS 1.2 connections when both TLS versions are enabled in Kconfig, because socket-level protocol selection is not propagated to mbedTLS's minimum version enforcement. Applications explicitly requesting TLS 1.3 may silently fall back to TLS 1.2, exposing them to known TLS 1.2 weaknesses such as POODLE or truncation attacks. Remote unauthenticated attackers can exploit this via network-level protocol downgrade during the TLS handshake.
Technical ContextAI
Zephyr RTOS uses mbedTLS as its underlying TLS/SSL library. When an application creates a socket with IPPROTO_TLS_1_3, Zephyr's socket abstraction layer should enforce TLS 1.3-only negotiation by calling mbedTLS's mbedtls_ssl_conf_min_tls_version() function to set the minimum version to TLS 1.3. However, this propagation does not occur. Instead, the mbedTLS configuration retains its Kconfig-specified defaults, which may include both TLS 1.2 and TLS 1.3. During the TLS handshake, the ClientHello advertises both supported versions, allowing a peer (or attacker) to select TLS 1.2. This violates the application's explicit protocol-level intent and falls under CWE-757 (Selection of Less-Secure Algorithm Before Stronger One). The root cause is incomplete socket option handling in Zephyr's TLS socket implementation.
RemediationAI
Apply the upstream patch from the Zephyr project repository that propagates socket-level IPPROTO_TLS_1_3 selection to mbedTLS by calling mbedtls_ssl_conf_min_tls_version(conf, MBEDTLS_SSL_VERSION_TLS1_3) before handshake initiation. Check the Zephyr security advisory GHSA-23r2-m5wx-4rvq for patched release versions. As an immediate workaround without patching, applications can restrict the TLS_CIPHERSUITE_LIST socket option to TLS 1.3-only cipher suites using setsockopt(), which forces the peer to negotiate TLS 1.3 or fail the handshake. This workaround has no functional side effects but requires explicit application code changes for each affected socket. Alternatively, disable TLS 1.2 at build time via Kconfig (CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n) if the deployment does not require backward compatibility; this ensures downgrade is cryptographically impossible. Prioritize patching over Kconfig changes to avoid build-time rigidity in production deployments.
Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system. Rated critical severity (CVSS 10.0),
Possible variant of CVE-2021-3434 in function le_ecred_reconf_req. Rated critical severity (CVSS 9.8), this vulnerabilit
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows. Rated critical severity (CVS
Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem. Rated critical severity (CVSS 9.8), this vulner
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Rated critical severity (CVSS 9.8), this vulnerability
Buffer overflow in Zephyr USB DFU DNLOAD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable
DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Rated critical severity (CVSS 9.8), this vul
zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get(
Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem. Rated critical severity (CVSS 9.6), this vul
Buffer overflow in Zephyr RTOS dns_unpack_name() function causing OOB writes. PoC available.
The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characte
Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29033