CVE-2021-31615
MEDIUMBluetooth Core Specification 4.0-5.2 - Race Condition via Unencrypted BLE Baseband Packet Injection
Title source: llmDescription
Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://bluetooth.com
Vendor Advisory x_refsource_misc
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/
Scores
CVSS v3
5.3
EPSS
0.0040
EPSS Percentile
31.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-362
Status
published
Products (1)
bluetooth/bluetooth_core_specification
4.0 - 5.2
Published
Jun 25, 2021
Tracked Since
Feb 18, 2026