Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2021-34146

Published: Sep 07, 2021 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
6.1 MEDIUM
AV:A/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2021-34146
CWEhttps://cwe.mitre.org/data/definitions/.html

The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure.

Affected Software

NameVendorStart VersionEnd Version
Cyw920735q60evb-01_firmwareCypress- (including)- (including)
Bluez-firmwareUbuntuesm-apps/jammy*
Bluez-firmwareUbuntujammy*
Bluez-firmwareUbuntukinetic*
Bluez-firmwareUbuntulunar*
Bluez-firmwareUbuntumantic*
Bluez-firmwareUbuntutrusty*
Bluez-firmwareUbuntuupstream*
Bluez-firmwareUbuntuxenial*

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use