CVE-2021-28135

Name of the Vulnerable Software and Affected Versions Espressif ESP-IDF versions 4.4 and earlier

Description The issue arises from insufficient input validation in the Bluetooth Classic implementation, allowing a remote attacker to cause a denial of service by flooding the target device with LMP Feature Response data. This can trigger a crash in ESP32 devices. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For Espressif ESP-IDF versions 4.4 and earlier, consider disabling the Bluetooth Classic implementation until a patch is available to prevent exploitation. Restrict access to the LMP Feature Response data to minimize the risk of denial of service attacks. Avoid using the LMP Feature Response data in the affected Bluetooth Classic implementation until the issue is resolved.