CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-45434

CVSS 9.8v3.1pub. 2025-09-12upd. 2025-10-02

OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of validating the existence of an object before performing operations on the object (aka use after free). An attacker can leverage this to achieve remote code execution in the context of a user account under which the Bluetooth process runs.

🤖 AI Analysis
How it works

The vulnerability results from the lack of verification of object existence before performing operations on it — this is a classic use-after-free error (CWE-416). An attacker can craft an appropriate Bluetooth request that references an already freed memory area. This results in the ability to take control of the program execution flow and execute arbitrary code in the context of the user account running the Bluetooth process.

Impact

An attacker without any authentication can remotely execute arbitrary code (RCE) in the context of the user account running the Bluetooth process, which may lead to complete device takeover, violation of data confidentiality and integrity, and loss of service availability.

Mitigation & patch

Apply patches available from the manufacturer according to the references. It is recommended to contact OpenSynergy (www.opensynergy.com) to obtain an updated version of the BlueSDK stack. Until the fix is implemented, consider disabling or restricting access to the Bluetooth interface on vulnerable devices.

Who is affected

OpenSynergy BlueSDK (Blue SDK) in versions up to and including 6.x

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Opensynergy Blue Sdk

    APP
    Opensynergy
    ≤ 6.0.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2024-45432HIGH7.5ten sam produkt

OpenSynergy BlueSDK (aka Blue SDK) through 6.x mishandles a function call. The specific flaw exists within the...

CVE-2018-20378HIGH7.5ten sam produkt

The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6...

CVE-2024-45431MEDIUM5.3ten sam produkt

OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper Input Validation. The specific flaw exists within ...

CVE-2024-45433MEDIUM6.5ten sam produkt

OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Incorrect Control Flow Scoping. The specific flaw exists wi...