Source: Ubuntu.com (ubuntucve), ID: UB:CVE-2021-31615
History: Jun 25, 2021 - 12:00 a.m.

CVE-2021-31615

Tags: bluetooth low energy, baseband links, crafted packet, mitm, encrypted links, protocol level

CVSS2: 2.9 (AV:A/AC:M/Au:N/C:N/I:N/A:P)
Attack Vector: ADJACENT_NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

CVSS3: 5.3 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

EPSS: 0.001
Percentile: 15.9%

Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core
Specifications 4.0 through 5.2 may permit an adjacent device to inject a
crafted packet during the receive window of the listening device before the
transmitting device initiates its packet transmission to achieve full MITM
status without terminating the link. When applied against devices
establishing or using encrypted links, crafted packets may be used to
terminate an existing link, but will not compromise the confidentiality or
integrity of the link.

Bugs

Notes

Author: sbeattie
Note: likely needs to be fixed at the protocol level
