Severity: low Affected versions:
- Apache NimBLE through 1.8 Description: Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are recommended to upgrade to version 1.9, which fixes the issue. Credit: 雷重庆 <[email protected]> (reporter) References: https://github.com/apache/mynewt-nimble/commit/b973df0c6cf7b30efbf8eb2cafdc1ee843464b76 https://mynewt.apache.org/ https://www.cve.org/CVERecord?id=CVE-2025-53470
