CVE-2021-31785

The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication.

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 6.1 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 6.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf	Technical Description Third Party Advisory
https://www.actions-semi.com/index.php?id=3581&siteId=4	Broken Link Vendor Advisory
https://launchstudio.bluetooth.com/ListingDetails/76427	Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:actions-semi:ats2819p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819p:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:actions-semi:ats2815_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2815:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:actions-semi:ats2819_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:actions-semi:ats2819s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:actions-semi:ats2819t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819t:-:*:*:*:*:*:*:*

Information

Published : 2021-09-07 00:15

Updated : 2022-05-03 09:04

NVD link : CVE-2021-31785

Mitre link : CVE-2021-31785

JSON object : View

CWE

CWE-667

Improper Locking

Advertisement

Products Affected

actions-semi

ats2819p
ats2819_firmware
ats2815_firmware
ats2819t
ats2815
ats2819
ats2819s
ats2819p_firmware
ats2819s_firmware
ats2819t_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf", "name": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf", "tags": ["Technical Description", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.actions-semi.com/index.php?id=3581&siteId=4", "name": "https://www.actions-semi.com/index.php?id=3581&siteId=4", "tags": ["Broken Link", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://launchstudio.bluetooth.com/ListingDetails/76427", "name": "https://launchstudio.bluetooth.com/ListingDetails/76427", "tags": ["Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-667"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-31785", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2021-09-07T07:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:actions-semi:ats2819p_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:actions-semi:ats2819p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:actions-semi:ats2815_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:actions-semi:ats2815:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:actions-semi:ats2819_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:actions-semi:ats2819:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:actions-semi:ats2819s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:actions-semi:ats2819s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:actions-semi:ats2819t_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:actions-semi:ats2819t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-05-03T16:04Z"}