Vulnerability Description
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Espressif | Esp-Idf | <= 4.4 |
References
- https://dl.packetstormsecurity.net/papers/general/braktooth.pdf (Broken Link)
- https://github.com/espressif/esp-idf (Third Party Advisory)
- https://github.com/espressif/esp32-bt-lib (Third Party Advisory)
- https://www.espressif.com/en/products/socs/esp32 (Product)
FAQ
What is CVE-2021-28135?
CVE-2021-28135 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a...
How severe is CVE-2021-28135?
CVE-2021-28135 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-28135?
Check the references section above for vendor advisories and patch information. Affected products include: Espressif Esp-Idf.