CVE-2025-9558 – Bluetooth: Mesh: Out-of-Bound Write in gen_prov_start

CVE ID : CVE-2025-9558

Published : Nov. 26, 2025, 5:39 a.m. | 40 minutes ago

Description : There is a potential OOB Write vulnerability in the gen_prov_start function in pb_adv.c. The full length of the received data is copied into the link.rx.buf receiver buffer without any validation on the data size.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…