PT-2021-4297 · Espressif Systems · Esp32 (+1)

Published: 2021-09-02 · Updated: 2021-11-10 · CVE-2021-28139

CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Espressif ESP-IDF versions 4.4 and earlier

Description: The Bluetooth Classic implementation does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution on the ESP32 via a crafted Extended Features bitfield payload. This issue is part of a set of vulnerabilities known as BrakTooth, which can be used to crash or deactivate devices, execute malicious code, or take control of the system. The vulnerabilities affect the Bluetooth software stack and can be exploited without prior authorization, but the attacker needs to know the device's unique address. It is estimated that the vulnerabilities may affect billions of devices, including smart and industrial equipment built on the Espressif Systems ESP32 SoC, as well as some smartphones and laptops.

Recommendations: For Espressif ESP-IDF versions 4.4 and earlier, consider disabling the Bluetooth Classic implementation until a patch is available. Restrict access to the LMP Feature Response Extended packet to minimize the risk of exploitation. Avoid using the Extended Features bitfield payload in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection


Weakness Enumeration

Related Identifiers

BDU:2021-04906
CVE-2021-28139

Affected Products

Esp32
Espressif Esp-Idf