CVE-2024-1638

Name of the Vulnerable Software and Affected Versions Bluetooth (affected versions not specified)

Description The issue concerns the BT GATT PERM READ LESC and BT GATT PERM WRITE LESC defines for a Bluetooth characteristic, which specify attribute read/write permission with LE Secure Connection encryption. When set, these permissions require LE Secure Connections for read/write access, but only when combined with other permissions, such as BT GATT PERM READ ENCRYPT/BT GATT PERM READ AUTHEN for read or BT GATT PERM WRITE ENCRYPT/BT GATT PERM WRITE AUTHEN for write. If these additional permissions are not set, even in secure connections only mode, the stack does not perform permission checks on these characteristics, allowing them to be freely written or read.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.