Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2021-34146

Published: Sep 07, 2021 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
6.1 MEDIUM
AV:A/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2021-34146
CWEhttps://cwe.mitre.org/data/definitions/.html

The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure.

Affected Software

Name Vendor Start Version End Version
Cyw920735q60evb-01_firmware Cypress - (including) - (including)
Bluez-firmware Ubuntu esm-apps/jammy *
Bluez-firmware Ubuntu jammy *
Bluez-firmware Ubuntu kinetic *
Bluez-firmware Ubuntu lunar *
Bluez-firmware Ubuntu mantic *
Bluez-firmware Ubuntu trusty *
Bluez-firmware Ubuntu upstream *
Bluez-firmware Ubuntu xenial *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use