CVE-2024-48289

Name of the Vulnerable Software and Affected Versions Cypress Bluetooth SDK version 3.66

Description The issue is related to a buffer overflow in the memory when handling the data header length field of the LL Pause Enc Req, which is part of the Bluetooth Low Energy (BLE) technology. This can be exploited by a remote attacker to cause a Denial of Service (DoS) by sending specially crafted packets, such as a crafted LL PAUSE ENC REQ packet.

Recommendations For Cypress Bluetooth SDK version 3.66, consider disabling the handling of LL Pause Enc Req packets until a patch is available to prevent potential Denial of Service (DoS) attacks. Restrict access to the Bluetooth Low Energy implementation to minimize the risk of exploitation. Avoid using the LL PAUSE ENC REQ packet in the affected API endpoint until the issue is resolved.