https://devzone.nordicsemi.com/f/nordic-q-a/127415/need-help-interpreting-vulnerability-reports-for-nrf-connect-sdk-2-9-0---zephyr-3-7-99I am working on a project, in which we are using nRF Connect SDK v2.9.0 on a custom board with the nRF5340 SoC. The device is a BLE peripheral implementing a couple of GATT services. While checking the software dependencies in our project for knownen-USTelligent Community 13Thu, 26 Mar 2026 22:31:17 GMThttps://devzone.nordicsemi.com/thread/564136?ContentTypeID=1Thu, 26 Mar 2026 22:31:17 GMT137ad170-7792-4731-bb38-c0d22fbe4515:4fc3f4c7-1ff8-403c-ae32-2eb8d7f56ccdKenneth<p>Hello,</p> <p>I have pinged the team again. sorry for the delay.</p> <p>Kenneth</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/564089?ContentTypeID=1Thu, 26 Mar 2026 10:32:55 GMT137ad170-7792-4731-bb38-c0d22fbe4515:e823bf57-cd99-41f5-ad73-90d4753e9ffaRobbe Vancayseele<p>Hi Kenneth, can you provide any updates on this topic?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/563530?ContentTypeID=1Wed, 18 Mar 2026 08:39:42 GMT137ad170-7792-4731-bb38-c0d22fbe4515:b03154f2-32b6-478e-98f4-9b88c9aa5a24Robbe Vancayseele<p>One thing I would like to add: I believe we are only executing code from flash. So if these exploits allow corruption of data in RAM, but all RAM regions are configured in the SPU without execute permission, these vulnerabilities cannot lead to RCE.</p> <p>The problem is I cannot find any good documentation on how the SPU is configured when using Zephyr.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/563192?ContentTypeID=1Fri, 13 Mar 2026 09:54:53 GMT137ad170-7792-4731-bb38-c0d22fbe4515:a5e7c26f-ed9f-42e7-a0db-7a24eb358bfcKenneth<p>Hello,</p> <p>Let me check internally and get back to you.</p> <p>Kenneth</p><div style="clear:both;"></div>