PT-2021-4304 · Cypress · Cypress Wiced Bt Stack

Published: 2021-09-07 · Updated: 2021-09-14 · CVE-2021-34147

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cypress WICED BT stack versions through 2.9.0 for CYW20735B1

Description

The Bluetooth Classic implementation in the Cypress WICED BT stack does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress. This issue exists due to insufficient input validation.

Recommendations

For Cypress WICED BT stack versions through 2.9.0 for CYW20735B1, consider disabling the Bluetooth Classic implementation until a patch is available to prevent exploitation. As a temporary workaround, restrict the number of reconnections to the link slave to minimize the risk of resource exhaustion. Avoid using the LMP timing accuracy response feature in the affected Bluetooth Classic implementation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2021-04913
CVE-2021-34147

Affected Products

Cypress Wiced Bt Stack