PT-2021-4299 · Zhuhai Jieli · Ac692X+1

Published: 2021-09-07 · Updated: 2021-09-09 · CVE-2021-31613

CVSS v2.0: 3.3 (Low)

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Zhuhai Jieli AC690X and AC692X devices (affected versions not specified)

Description

The Bluetooth Classic implementation does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure. This allows attackers in radio range to immediately crash and restart a device via a crafted LMP packet. The issue exists due to insufficient input validation in the Bluetooth Classic implementation.

Recommendations

For Zhuhai Jieli AC690X and AC692X devices, consider disabling Bluetooth functionality until a patch is available to prevent exploitation. Restrict access to devices to minimize the risk of exploitation by attackers in radio range. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2021-04908
CVE-2021-31613

Affected Products

Ac690X
Ac692X