UBUNTU-CVE-2021-34145

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-34145

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-34145.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-34145

Related

CVE-2021-34145

Published

2021-09-07T07:15:00Z

Modified

2025-04-07T04:30:12Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMPmaxslot with an invalid Baseband packet type (and LTADDRESS and LTADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.

References

Affected packages

Ubuntu:22.04:LTS / bluez-firmware

Package

Name: bluez-firmware
Purl: pkg:deb/ubuntu/bluez-firmware@1.2-7?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2-7

Ecosystem specific

{
    "ubuntu_priority": "medium"
}