Bluetooth Denial of Service Vulnerabilities (‘Braktooth’) related to IFX Bluetooth products

Public Statement embargoed for release until August 30^th, 2021

Bluetooth Classic Denial of Service Vulnerabilities for IFX Wireless Connectivity Devices Shipped to Customers

On May 13, 2021, the Singapore University of Technology and Design (SUTD) contacted Infineon Technologies reporting that their research group had found four vulnerabilities that can lead the CYW20735 product to crash and restart if an attacker within the Bluetooth Classic (BT Classic) radio range sends certain unexpected LMP packets. Analysis performed by Infineon on a number of our chipsets supporting BT Classic indicated that these vulnerabilities were valid.  Details of these reported vulnerabilities can be found at the following public link:

https://asset-group.github.io/disclosures/braktooth/

In response, Infineon developed the relevant patches for these vulnerabilities. These patches have been implemented in BT SDK 3.2, available in late Q4 2021.  On August 13, 2022, the SUTD research group reported to Infineon that it had validated the patches for the affected CVE’s.

Below is the list of affected CVEs, all of which have patches available for the described vulnerabilities:

Customers should update their products with the latest Bluetooth SDK.  If further assistance is needed, please create a support case through our secure support portal or by contacting their Infineon representative to request an updated SDK.

Infineon wishes to thank the Singapore University of Technology and Design for their responsible disclosure of these vulnerabilities and their responsive interaction during the analysis and final testing of the patches described above.

If you believe you have identified a vulnerability in any Infineon product, please visit our security response page and email the Product Security Incident Response Team (PSIRT) at psirt@infineon.com.