PT-2021-4302 · Ab32Vg1 · Ab32Vg1

Published 2021-09-07 · Updated 2021-09-13 · CVE-2021-31610

CVSS v2.0: 6.1 (Medium)

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: AB32VG1 devices (affected versions not specified)

Description: The Bluetooth Classic implementation does not properly handle the reception of continuous unsolicited LMP responses. This allows attackers in radio range to trigger a denial of service, either restarting or deadlocking the device, by flooding it with LMP AU rand data. The issue is also related to errors in resource release. An attacker can exploit this to cause the device to hang and restart.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Resource Release

Related Identifiers

BDU:2021-04911
CVE-2021-31610

Affected Products

Ab32Vg1