CVE-2021-28136

Name of the Vulnerable Software and Affected Versions Espressif ESP-IDF versions 4.4 and earlier

Description The issue is related to the Bluetooth Classic implementation, which does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process. This allows attackers in radio range to trigger memory corruption, and consequently a crash, in ESP32 via a replayed LMP packet. The vulnerability can be exploited by a remote attacker using a specially crafted LMP packet, leading to a denial of service.

Recommendations For Espressif ESP-IDF versions 4.4 and earlier, consider disabling the Bluetooth Classic implementation until a patch is available to prevent exploitation. Restrict access to the pairing process to minimize the risk of memory corruption. Avoid using the LMP IO Capability Request packets in the affected implementation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.