CVE-2021-31785 - OpenCVE

The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Actions-semi	Ats2819 Ats2819s Firmware Ats2819s Ats2819t Firmware Ats2819p Firmware Ats2819 Firmware Ats2815 Ats2819t Ats2819p Ats2815 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:actions-semi:ats2819p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819p:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:actions-semi:ats2815_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2815:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:actions-semi:ats2819_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:actions-semi:ats2819s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:actions-semi:ats2819t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:actions-semi:ats2819t:-:*:*:*:*:*:*:*

References

Link	Resource
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf	Technical Description Third Party Advisory
https://launchstudio.bluetooth.com/ListingDetails/76427	Third Party Advisory
https://www.actions-semi.com/index.php?id=3581&siteId=4	Broken Link Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-09-07T06:07:39

Updated: 2021-09-07T06:07:39

Reserved: 2021-04-23T00:00:00

Link: CVE-2021-31785

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-07T07:15:07.143

Modified: 2022-05-03T16:04:40.443

Link: CVE-2021-31785

JSON object: View

Redhat Information

No data.

CWE

CWE-667

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-07T06:07:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.actions-semi.com/index.php?id=3581&siteId=4"}, {"tags": ["x_refsource_MISC"], "url": "https://launchstudio.bluetooth.com/ListingDetails/76427"}, {"tags": ["x_refsource_MISC"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31785", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.actions-semi.com/index.php?id=3581&siteId=4", "refsource": "MISC", "url": "https://www.actions-semi.com/index.php?id=3581&siteId=4"}, {"name": "https://launchstudio.bluetooth.com/ListingDetails/76427", "refsource": "MISC", "url": "https://launchstudio.bluetooth.com/ListingDetails/76427"}, {"name": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf", "refsource": "MISC", "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31785", "datePublished": "2021-09-07T06:07:39", "dateReserved": "2021-04-23T00:00:00", "dateUpdated": "2021-09-07T06:07:39", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:actions-semi:ats2819p_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B034D11B-2F14-4283-8E99-27A9D7381CCE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:actions-semi:ats2819p:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4590A4D-CA4A-467B-9A0C-DDBAF32576D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:actions-semi:ats2815_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F959F1E4-A733-4454-8FC0-4A567946E582", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:actions-semi:ats2815:-:*:*:*:*:*:*:*", "matchCriteriaId": "23646581-74EE-4C65-8BC8-D248C9A481F8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:actions-semi:ats2819_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9293F654-73A6-4307-9610-91CFCB3B896D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:actions-semi:ats2819:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E76B147-A1D1-4160-B87D-31DD5F9DFF1B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:actions-semi:ats2819s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4935084A-87E2-4041-8108-37407D888798", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:actions-semi:ats2819s:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F918DD8-1070-44F5-A167-1D151430A89A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:actions-semi:ats2819t_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7243C2D0-67F2-4EC1-8A52-7540C3117293", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:actions-semi:ats2819t:-:*:*:*:*:*:*:*", "matchCriteriaId": "36CB59B4-95EB-487C-86EB-E8657D1C2286", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication."}, {"lang": "es", "value": "Una implementaci\u00f3n de Bluetooth Classic en los conjuntos de chips Actions ATS2815 y ATS2819, no maneja apropiadamente la recepci\u00f3n de m\u00faltiples paquetes LMP_host_connection_req, permitiendo a atacantes en el rango de radio desencadenar una denegaci\u00f3n de servicio (bloqueo) del dispositivo por medio de paquetes LMP dise\u00f1ados. Es requerida una intervenci\u00f3n manual del usuario para reiniciar el dispositivo y restaurar la comunicaci\u00f3n Bluetooth"}], "id": "CVE-2021-31785", "lastModified": "2022-05-03T16:04:40.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-07T07:15:07.143", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://launchstudio.bluetooth.com/ListingDetails/76427"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://www.actions-semi.com/index.php?id=3581&siteId=4"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}