CVE-2021-31615

Name of the Vulnerable Software and Affected Versions Bluetooth Core Specifications versions 4.0 through 5.2

Description The issue affects unencrypted Bluetooth Low Energy baseband links, allowing an adjacent device to inject a crafted packet during the receive window of the listening device. This can achieve full Man-In-The-Middle (MITM) status without terminating the link. However, when applied against devices using encrypted links, the crafted packets may only terminate an existing link without compromising the confidentiality or integrity of the link.

Recommendations For Bluetooth Core Specifications versions 4.0 through 5.2, consider implementing encryption for Bluetooth Low Energy baseband links to prevent MITM attacks. As a temporary workaround, restrict the use of unencrypted links to minimize the risk of exploitation.