CVE-2025-53470

Severity CVSS v4.0:

Pending analysis

Type:

CWE-125 Out-of-bounds Read

Publication date:

10/01/2026

Last modified:

10/01/2026

Description

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are recommended to upgrade to version 1.9, which fixes the issue.

Impact

References to Advisories, Solutions, and Tools

https://github.com/apache/mynewt-nimble/commit/b973df0c6cf7b30efbf8eb2cafdc1ee843464b76
https://lists.apache.org/thread/32sm0944dyod4sdql77stgyw9xb2msc0
http://www.openwall.com/lists/oss-security/2026/01/08/2