Frieder Steinmetz

**Name of the Vulnerable Software and Affected Versions** Airoha Bluetooth audio SDK versions prior to August 4, 2025 **Description** The Airoha Bluetooth audio SDK contains a permission bypass that allows access to critical data of the RACE protocol through the Bluetooth LE GATT service. This can lead to remote escalation of privilege without requiring additional execution privileges or user interaction. Reports indicate that attackers within Bluetooth range can hijack connections, make calls, and eavesdrop through a device's microphone. The vulnerability affects 29 audio devices from brands including Bose, Sony, and Jabra. The issue has been actively exploited. **Recommendations** Update the Airoha Bluetooth audio SDK to a version released after August 4, 2025.

**Name of the Vulnerable Software and Affected Versions** Airoha Bluetooth audio SDK (affected versions not specified) **Description** The Airoha Bluetooth audio SDK contains a flaw that allows Bluetooth audio devices to pair without user consent. This can result in remote escalation of privilege without requiring additional execution privileges. Exploitation does not require user interaction. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Airoha Bluetooth audio SDK (affected versions not specified) **Description** The Airoha Bluetooth audio SDK contains a flaw involving unauthorized access to the RACE protocol. This access could allow for remote escalation of privilege without requiring additional execution privileges, and does not require user interaction for exploitation. Reports indicate that devices utilizing Airoha chips may be susceptible to unauthorized access and eavesdropping due to a lack of authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Auracast versions prior to SMR Mar-2025 Release 1 **Description** The issue arises from the use of insufficiently random values in Auracast, allowing adjacent attackers to access Auracast broadcasting. **Recommendations** For versions prior to SMR Mar-2025 Release 1, update to SMR Mar-2025 Release 1 or later to resolve the issue.