From c616a1719f2a2accf427766f596cb12e7515b371 Mon Sep 17 00:00:00 2001
From: Flavio Ceolin <flavio.ceolin@gmail.com>
Date: Sun, 15 Dec 2024 15:36:30 -0800
Subject: [PATCH] doc: security: Disclose CVE-2024-8798

Disclose information about published CVE.

Signed-off-by: Flavio Ceolin <flavio.ceolin@gmail.com>
---
 doc/security/vulnerabilities.rst | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/doc/security/vulnerabilities.rst b/doc/security/vulnerabilities.rst
index da3b353d9893f0..0d75d120aa7ec2 100644
--- a/doc/security/vulnerabilities.rst
+++ b/doc/security/vulnerabilities.rst
@@ -1788,7 +1788,18 @@ This has been fixed in main for v3.7.0
 :cve:`2024-8798`
 ----------------
 
-Under embargo until 2024-11-22
+Bluetooth: classic: avdtp: missing buffer length check
+
+- `Zephyr project bug tracker GHSA-r7pm-f93f-f7fp
+  <https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-r7pm-f93f-f7fp>`_
+
+This has been fixed in main for v4.0.0
+
+- `PR 77969 fix for main
+  <https://github.com/zephyrproject-rtos/zephyr/pull/77969>`_
+
+- `PR 78409 fix for 3.7
+  <https://github.com/zephyrproject-rtos/zephyr/pull/78409>`_
 
 :cve:`2024-10395`
 -----------------