CVE-2021-31785

Name of the Vulnerable Software and Affected Versions Actions ATS2815 and ATS2819 chipsets (affected versions not specified)

Description The Bluetooth Classic implementation does not properly handle the reception of multiple LMP host connection req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. This issue exists due to insufficient input validation in the Bluetooth Classic implementation. Manual user intervention is required to restart the device and restore Bluetooth communication.

Recommendations For Actions ATS2815 and ATS2819 chipsets, as a temporary workaround, consider disabling Bluetooth communication until a patch is available. Restrict access to the device when not in use to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.