doc: security: Disclose CVE-2024-3332

Disclose information about published CVE. Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2024-07-02 22:11:22 -07:00 · 2024-07-02 22:11:22 -07:00 · f80c75c3da
commit f80c75c3da
parent 0f776cf0bf
2 changed files with 15 additions and 2 deletions
--- a/doc/releases/release-notes-3.7.rst
+++ b/doc/releases/release-notes-3.7.rst
@ -82,7 +82,8 @@ https://docs.zephyrproject.org/latest/security/vulnerabilities.html
 * CVE-2024-3077 `Zephyr project bug tracker GHSA-gmfv-4vfh-2mh8
  <https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gmfv-4vfh-2mh8>`_

-* CVE-2024-3332  Under embargo until 2024-07-01
+* CVE-2024-3332  `Zephyr project bug tracker GHSA-jmr9-xw2v-5vf4
+  <https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jmr9-xw2v-5vf4>`_

 * CVE-2024-4785: Under embargo until 2024-08-07

--- a/doc/security/vulnerabilities.rst
+++ b/doc/security/vulnerabilities.rst
@ -1720,7 +1720,19 @@ This has been fixed in main for v3.7.0
 CVE-2024-3332
 -------------

-Under embargo until 2024-07-01
+Bluetooth: DoS caused by null pointer dereference.
+
+A malicious BLE device can send a specific order of packet
+sequence to cause a DoS attack on the victim BLE device.
+
+- `Zephyr project bug tracker GHSA-jmr9-xw2v-5vf4
+  <https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jmr9-xw2v-5vf4>`_
+
+This has been fixed in main for v3.7.0
+
+- `PR 71030 fix for main
+  <https://github.com/zephyrproject-rtos/zephyr/pull/71030>`_
+

 CVE-2024-4785
 -------------