CVE-2021-34146

Name of the Vulnerable Software and Affected Versions Cypress CYW920735Q60EVB (affected versions not specified) CC256xCQFN-EM (affected versions not specified)

Description The Bluetooth Classic implementation does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart of the device by flooding it with LMP AU Rand packets after the paging procedure. Additionally, there are buffer overflow errors in the dynamic memory of the Bluetooth Classic software implementation, which can be exploited by a remote attacker to cause a denial of service.

Recommendations For Cypress CYW920735Q60EVB, consider disabling the reception of unsolicited LMP responses as a temporary workaround until a patch is available. For CC256xCQFN-EM, restrict access to the dynamic memory to minimize the risk of buffer overflow exploitation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.