Bluetooth Denial of Service Vulnerabilities (‘Braktooth’) related to IFX Bluetooth products
Public Statement embargoed for release until August 30th, 2021
Bluetooth Classic Denial of Service Vulnerabilities for IFX Wireless Connectivity Devices Shipped to Customers
On May 13, 2021, the Singapore University of Technology and Design (SUTD) contacted Infineon Technologies reporting that their research group had found four vulnerabilities that can lead the CYW20735 product to crash and restart if an attacker within the Bluetooth Classic (BT Classic) radio range sends certain unexpected LMP packets. Analysis performed by Infineon on a number of our chipsets supporting BT Classic indicated that these vulnerabilities were valid. Details of these reported vulnerabilities can be found at the following public link:
In response, Infineon developed the relevant patches for these vulnerabilities. These patches have been implemented in BT SDK 3.2, available in late Q4 2021. On August 13, 2022, the SUTD research group reported to Infineon that it had validated the patches for the affected CVE’s.
Below is the list of affected CVEs, all of which have patches available for the described vulnerabilities:
CVE # as reported
Invalid Max Slot Type
Infineon Bluetooth stand-alone and Wi-Fi Combo devices
AU Rand Flooding
Invalid Timing Accuracy
Max Slot Length Overflow
Ignore Encryption Stop
Customers should update their products with the latest Bluetooth SDK. If further assistance is needed, please create a support case through our secure support portal or by contacting their Infineon representative to request an updated SDK.
Infineon wishes to thank the Singapore University of Technology and Design for their responsible disclosure of these vulnerabilities and their responsive interaction during the analysis and final testing of the patches described above.
If you believe you have identified a vulnerability in any Infineon product, please visit our security response page and email the Product Security Incident Response Team (PSIRT) at firstname.lastname@example.org.