diff --git a/doc/releases/release-notes-4.2.rst b/doc/releases/release-notes-4.2.rst index b73d345acb01b..458e70d13255b 100644 --- a/doc/releases/release-notes-4.2.rst +++ b/doc/releases/release-notes-4.2.rst @@ -71,6 +71,8 @@ Security Vulnerability Related The following CVEs are addressed by this release: +* :cve:`2025-12890` `Bluetooth: peripheral: Invalid handling of malformed connection request + `_ * :cve:`2025-27809` `TLS clients may unwittingly skip server authentication `_ * :cve:`2025-27810` `Potential authentication bypass in TLS handshake diff --git a/doc/releases/release-notes-4.3.rst b/doc/releases/release-notes-4.3.rst index 15464fe9d37b9..fb880971264a8 100644 --- a/doc/releases/release-notes-4.3.rst +++ b/doc/releases/release-notes-4.3.rst @@ -87,6 +87,7 @@ The following CVEs are addressed by this release: * :cve:`2025-9557`: Under embargo until 2025-11-24 * :cve:`2025-9558`: Under embargo until 2025-11-24 * :cve:`2025-12035`: Under embargo until 2025-12-13 +* :cve:`2025-12899`: Under embargo until 2026-01-28 * :cve:`2025-59438` `Padding oracle through timing of cipher error reporting `_ * :cve:`2025-54764` `Side channel in RSA key generation and operations (SSBleed, M-Step) diff --git a/doc/security/vulnerabilities.rst b/doc/security/vulnerabilities.rst index 21f25c28bcfe1..016fa40946d8d 100644 --- a/doc/security/vulnerabilities.rst +++ b/doc/security/vulnerabilities.rst @@ -2022,3 +2022,25 @@ Under embargo until 2025-11-24 ----------------- Under embargo until 2025-12-13 + +:cve:`2025-12890` +----------------- + +Bluetooth: peripheral: Invalid handling of malformed connection request + +Improper handling of malformed Connection Request with the interval +set to be 1 (which supposed to be illegal) and the chM 0x7CFFFFFFFF +triggers a crash. The peripheral will not be connectable after it. + +- `Zephyr project bug tracker GHSA-8hrf-pfww-83v9 + `_ + +This has been fixed in main for v4.2.0 + +- `PR 89955 fix for main + `_ + +:cve:`2025-12899` +----------------- + +Under embargo until 2026-01-28