cancel
Showing results for 
Search instead for 
Did you mean: 

Security Bulletin

SaraLeslie
Community Manager
Community Manager

Bluetooth Denial of Service Vulnerabilities (‘Braktooth’) related to IFX Bluetooth products

Public Statement embargoed for release until August 30th, 2021

Bluetooth Classic Denial of Service Vulnerabilities for IFX Wireless Connectivity Devices Shipped to Customers

On May 13, 2021, the Singapore University of Technology and Design (SUTD) contacted Infineon Technologies reporting that their research group had found four vulnerabilities that can lead the CYW20735 product to crash and restart if an attacker within the Bluetooth Classic (BT Classic) radio range sends certain unexpected LMP packets. Analysis performed by Infineon on a number of our chipsets supporting BT Classic indicated that these vulnerabilities were valid.  Details of these reported vulnerabilities can be found at the following public link:

https://asset-group.github.io/disclosures/braktooth/

In response, Infineon developed the relevant patches for these vulnerabilities. These patches have been implemented in BT SDK 3.2, available in late Q4 2021.  On August 13, 2022, the SUTD research group reported to Infineon that it had validated the patches for the affected CVE’s.

Below is the list of affected CVEs, all of which have patches available for the described vulnerabilities:

CVE # as reported

Description

Devices Affected

CVE-2021-34145

Invalid Max Slot Type

Infineon Bluetooth stand-alone and Wi-Fi Combo devices

CVE-2021-34346

AU Rand Flooding

CVE-2021-34147

Invalid Timing Accuracy

CVE-2021-34148

Max Slot Length Overflow

CVE-2021-TBD

Ignore Encryption Stop

 

Customers should update their products with the latest Bluetooth SDK.  If further assistance is needed, please create a support case through our secure support portal or by contacting their Infineon representative to request an updated SDK.

Infineon wishes to thank the Singapore University of Technology and Design for their responsible disclosure of these vulnerabilities and their responsive interaction during the analysis and final testing of the patches described above.

If you believe you have identified a vulnerability in any Infineon product, please visit our security response page and email the Product Security Incident Response Team (PSIRT) at psirt@infineon.com.

0 Likes
About the Author
Community Manager, Strategist, Blogger, Moderator and Leader.