CVE-2018-19860

Name of the Vulnerable Software and Affected Versions Broadcom firmware versions prior to summer 2014

Description The issue is related to the improper restriction of LMP commands in Broadcom firmware, which can lead to the execution of certain memory contents upon receiving an LMP command. This can be demonstrated by executing an HCI command. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For Broadcom firmware versions prior to summer 2014, consider disabling the execution of LMP commands as a temporary workaround until a patch is available. Restrict access to the vulnerable firmware to minimize the risk of exploitation. Avoid using the LMP command in the affected devices until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.