
CVE-2024-7137: Denial of Service in Silicon Labs RS9116 Bluetooth SDK

6.5 CVSS

Description

The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Receiving a packet that exceeds the restricted buffer length may cause a crash. A hard reset is required to recover the crashed device.

Classification

CVE ID: CVE-2024-7137

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.5

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem Types

CWE-787 Out-of-bounds Write

Affected Products

Vendor: silabs.com

Product: RS9116 Bluetooth SDK

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.68% (share of scored vulnerabilities with an equal or lower score)

EPSS Date: 2025-06-17 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-7137
https://community.silabs.com/068Vm00000I5mjD
