CVE-2019-19195

Name of the Vulnerable Software and Affected Versions Microchip Technology BluSDK Smart versions through 6.2 for ATSAMB11 devices

Description The issue is related to the Bluetooth Low Energy implementation, which does not properly restrict link-layer data length on reception. This allows attackers within radio range to cause a denial of service, resulting in a crash, by sending a crafted packet.

Recommendations For versions through 6.2, consider implementing packet length validation to prevent crashes due to oversized packets. As a temporary workaround, restrict access to the Bluetooth Low Energy functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.