Vulnerability Description
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Espressif | Esp-Idf | <= 4.4 |
| Espressif | Esp32 | - |
Related Weaknesses (CWE)
References
- https://dl.packetstormsecurity.net/papers/general/braktooth.pdfTechnical DescriptionThird Party Advisory
- https://github.com/espressif/esp-idfProductThird Party Advisory
- https://github.com/espressif/esp32-bt-libProductThird Party Advisory
- https://www.espressif.com/en/products/socs/esp32ProductVendor Advisory
- https://dl.packetstormsecurity.net/papers/general/braktooth.pdfTechnical DescriptionThird Party Advisory
- https://github.com/espressif/esp-idfProductThird Party Advisory
- https://github.com/espressif/esp32-bt-libProductThird Party Advisory
- https://www.espressif.com/en/products/socs/esp32ProductVendor Advisory
FAQ
What is CVE-2021-28136?
CVE-2021-28136 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing atta...
How severe is CVE-2021-28136?
CVE-2021-28136 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-28136?
Check the references section above for vendor advisories and patch information. Affected products include: Espressif Esp-Idf, Espressif Esp32.