CVE-2021-34148
First published: Tue Sep 07 2021(Updated: )
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cypress Wireless Internet Connectivity For Embedded Devices | <=2.9.0 | |
| Cypress Cyw20735b1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2021-34148.
What is the severity rating of CVE-2021-34148?
CVE-2021-34148 has a severity rating of 6.5 (medium).
Which devices are affected by CVE-2021-34148?
Devices running Cypress WICED BT stack through version 2.9.0 for CYW20735B1 are affected by CVE-2021-34148.
What is the impact of CVE-2021-34148?
CVE-2021-34148 allows attackers in radio range to trigger a denial of service (DoS) by exploiting a vulnerability in the Bluetooth Classic implementation.
Are Cypress CYW20735B1 devices vulnerable to CVE-2021-34148?
No, Cypress CYW20735B1 devices are not vulnerable to CVE-2021-34148.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- agent/source
- vendor/cypress
- canonical/cypress wireless internet connectivity for embedded devices
- version/cypress wireless internet connectivity for embedded devices/2.9.0
- canonical/cypress cyw20735b1