Multiple Vulnerabilities Affecting Bluetooth Devices
31 August 2021
Researchers from the Singapore University of Technology and Design (SUTD) have discovered multiple vulnerabilities affecting devices utilising specific Bluetooth Link Manager Protocols. These could allow an attacker within radio range to trigger deadlocks or crashes, or to execute arbitrary code.
Affected devices include Internet of Things (IoT) devices such as smart home hubs, modules, smartphones, laptops and audio devices that utilise vulnerable Bluetooth Classic implementations. The affected manufacturers include Espressif Systems, Harman International, Infineon, Silabs, Bluetrum, Zhuhai Jieli Technology, Actions Technology, Qualcomm, Texas Instruments and Intel.
For vulnerabilities without assigned CVSS scores, please refer to the NVD for the updated CVSS entries.
The table below provides information on the specific vulnerabilities:
Multiple vulnerabilities
CVE Number | Description | CVSS Score | Affected Manufacturers |
---|---|---|---|
CVE-2021-28139 | Type of Vulnerability: Remote Code Execution / Deadlock; Vulnerability Name: Feature Pages Execution; Impact: Successful exploitation of this vulnerability could execute arbitrary functions or even cause a deadlock in which a manual restart would be required | - | Espressif Systems |
CVE-2021-34144 | Type of Vulnerability: Deadlock; Vulnerability Name: Truncated SCO Link Request; Impact: Successful exploitation of this vulnerability could disrupt the Bluetooth connection and prevent external devices from connecting to the device | - | Zhuhai Jieli Technology |
CVE-2021-28136 | Type of Vulnerability: Crash; Vulnerability Name: Duplicated IOCAP; Impact: Successful exploitation of this vulnerability could crash the device and result in denial-of-service | - | Espressif Systems |
CVE-2021-28135, CVE-2021-28155, CVE-2021-31717 | Type of Vulnerability: Crash; Vulnerability Name: Feature Response Flooding; Impact: Successful exploitation of this vulnerability could crash the device | - | Espressif Systems, |
CVE-2021-31609, CVE-2021-31612 | Type of Vulnerability: Crash; Vulnerability Name: LMP Auto Rate Overflow; Impact: Successful exploitation of this vulnerability could crash the device and result in denial-of-service | - | Silabs, |
TBA | Type of Vulnerability: Deadlock; Vulnerability Name: LMP 2-DH1 Overflow; Impact: Successful exploitation of this vulnerability could disrupt the Bluetooth connection or even cause a deadlock in which a manual restart would be required | - | Qualcomm |
CVE-2021-34150 | Type of Vulnerability: Deadlock; Vulnerability Name: LMP DM1 Overflow; Impact: Successful exploitation of this vulnerability could disrupt the Bluetooth connection and prevent external devices from connecting to the device | - | Bluetrum |
CVE-2021-31613 | Type of Vulnerability: Crash; Vulnerability Name: Truncated LMP Accepted; Impact: Successful exploitation of this vulnerability could crash the device | - | Zhuhai Jieli Technology |
CVE-2021-31611 | Type of Vulnerability: Deadlock; Vulnerability Name: Invalid Setup Complete; Impact: Successful exploitation of this vulnerability could disrupt the Bluetooth connection and result in denial-of-service | - | Zhuhai Jieli Technology |
CVE-2021-31785 | Type of Vulnerability: Deadlock; Vulnerability Name: Host Connection Flooding; Impact: Successful exploitation of this vulnerability could disrupt the Bluetooth connection and result in denial-of-service | - | Actions Technology |
CVE-2021-31786 | Type of Vulnerability: Deadlock; Vulnerability Name: Same Host Connection; Impact: Successful exploitation of this vulnerability could disrupt the Bluetooth connection or even cause a deadlock in which a manual restart would be required | - | Actions Technology |
CVE-2021-31610, CVE-2021-34149, CVE-2021-34146, CVE-2021-34143 | Type of Vulnerability: Crash / Deadlock; Vulnerability Name: LMP AU Rand Flooding; Impact: Successful exploitation of this vulnerability could crash the device or cause a deadlock in which a manual restart would be required | - | Bluetrum, |
CVE-2021-34145 | Type of Vulnerability: Crash; Vulnerability Name: Invalid Max Slot Type; Impact: Successful exploitation of this vulnerability could crash the device | - | Infineon |
CVE-2021-34148 | Type of Vulnerability: Crash; Vulnerability Name: Max Slot Length Overflow; Impact: Successful exploitation of this vulnerability could crash the device | - | Infineon |
CVE-2021-34147, TBA | Type of Vulnerability: Crash; Vulnerability Name: Invalid Timing Accuracy; Impact: Successful exploitation of this vulnerability could crash the device or result in denial-of-service | - | Intel, |
TBA | Type of Vulnerability: Deadlock; Vulnerability Name: Paging Scan Disable; Impact: Successful exploitation of this vulnerability could disrupt the Bluetooth connection and result in denial-of-service | - | Intel |
Users and administrators of the affected products are advised to install the latest security updates from the respective manufacturers immediately.
If updates are not yet available, users and administrators are encouraged to check the respective manufacturers' websites regularly for updates and recommended actions. Where practical, they could also consider turning off the device's Bluetooth communications protocol when not in use as a temporary mitigation measure.
Information on the available security updates is as follows:
Bluetrum: Available upon request from manufacturer
Infineon: Available upon request from manufacturer
Espressif Systems:
https://github.com/espressif/esp-idf/tree/bf71f494a165aba5e5365e17e1e258598d9fc172
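One way to check whether an ESP-IDF working copy already contains the commit in the Espressif link above (an added example, not part of the original advisory or of Espressif's tooling). The function name `check_fix` and its three output labels are assumptions made for this example; a release branch that received the fix as a cherry-pick under a different hash reports NOT_PATCHED, so confirm such cases against the manufacturer's release notes.

```shell
#!/usr/bin/env bash
# Added example: compare a local ESP-IDF checkout against the commit
# referenced in the advisory's Espressif link.
FIX_COMMIT="bf71f494a165aba5e5365e17e1e258598d9fc172"  # taken from the advisory

# check_fix REPO_DIR [COMMIT] [REV]   (hypothetical helper)
#   REPO_DIR  path to the ESP-IDF git checkout
#   COMMIT    commit to look for (defaults to FIX_COMMIT)
#   REV       revision the firmware is built from (defaults to HEAD)
# Prints PATCHED, NOT_PATCHED or UNKNOWN and returns 0, 1 or 2.
check_fix() {
    local repo="$1"
    local commit="${2:-$FIX_COMMIT}"
    local rev="${3:-HEAD}"

    # A release archive without .git cannot be checked by history.
    if ! git -C "$repo" rev-parse --git-dir >/dev/null 2>&1; then
        echo "UNKNOWN"
        return 2
    fi

    # Shallow or stale clones may not have the commit object at all;
    # that is "cannot tell", not "vulnerable".
    if ! git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null; then
        echo "UNKNOWN"
        return 2
    fi

    # The checkout carries the update if the commit is an ancestor of
    # (or equal to) the revision being built.
    if git -C "$repo" merge-base --is-ancestor "$commit" "$rev" 2>/dev/null; then
        echo "PATCHED"
        return 0
    fi

    echo "NOT_PATCHED"
    return 1
}

# Usage (path is a placeholder): check_fix "$HOME/esp/esp-idf"
```

An UNKNOWN result on a shallow clone can usually be resolved by fetching full history before re-running the check.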
More information is available here: