PT-2023-20812 · Unknown · Efr32 Bluetooth Le Stack

Published: 2023-06-15 · Updated: 2024-09-25 · CVE-2023-2683

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: EFR32 Bluetooth LE stack versions 5.1.0 through 5.1.1

Description: A memory leak in the EFR32 Bluetooth LE stack allows an attacker to send an invalid pairing message, causing future legitimate connection attempts to fail. The error is immediately cleared upon resetting the device.

Recommendations: For versions 5.1.0 through 5.1.1, consider restarting the device after detecting an invalid pairing message to clear the error. As a temporary workaround, restrict the ability for unauthorized devices to send pairing messages to minimize the risk of exploitation.

Fix

Memory Leak

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2023-2683

Affected Products

Efr32 Bluetooth Le Stack