doc: security: Disclose CVE-2024-6258

Disclose information about published CVE. Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2024-09-13 11:56:20 -07:00 · 2024-09-13 11:56:20 -07:00 · 2f5b9577de
commit 2f5b9577de
parent 1142f95c8c
1 changed files with 9 additions and 1 deletions
--- a/doc/security/vulnerabilities.rst
+++ b/doc/security/vulnerabilities.rst
@ -1782,7 +1782,15 @@ Under embargo until 2024-09-11
 CVE-2024-6258
 -------------

-Under embargo until 2024-09-05
+BT: Missing length checks of net_buf in rfcomm_handle_data
+
+- `Zephyr project bug tracker GHSA-7833-fcpm-3ggm
+  <https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7833-fcpm-3ggm>`_
+
+This has been fixed in main for v3.7.0
+
+- `PR 74640 fix for main
+  <https://github.com/zephyrproject-rtos/zephyr/pull/74640>`_

 CVE-2024-6259
 -------------