Do the BrakTooth Bluetooth Link Manager critical vulnerabilities impact the Bluetooth (BLE Mesh) stack that ESPHome uses on ESP32?
https://www.cnx-software.com/2021/09/13/braktooth-vulnerabilities-bluetooth-espressif-intel-qualcomm/
https://threatpost.com/bluetooth-bugs-dos-code-execution/169159/
https://amp.thehackernews.com/thn/2021/09/new-braktooth-flaws-leave-millions-of.html
Espressif ESP32 firmware is possibly subject to Arbitrary Code Execution (ACE) via potential BrakTooth security exploits.
https://asset-group.github.io/disclosures/braktooth/
Espressif has already released patchsets for ESP-IDF as well as added recommendations for securing BT implementations:
https://www.espressif.com/sites/default/files/advisory_downloads/AR2021-004%20Bluetooth%20Security%20Advisory.pdf
Security Advisory for Bluetooth Vulnerability
Issue date: 2021-08-31
Advisory Number: AR2021-004
Serial Number:
CVE-2020-10135
CVE-2020-13595
CVE-2020-26555
CVE-2020-26556
CVE-2020-26557
CVE-2020-26558
CVE-2020-26559
CVE-2020-26560
CVE-2021-28135
CVE-2021-28136
CVE-2021-28139
Version V1.0
Upstream ESP-IDF Arduino core 2.0.0 (IDF 4.4 branch S2 and C3 build) now includes espressif/esp-idf@d4232ee
Upstream ESP-IDF Arduino Core 1.0.7.x based on actual IDF 3.3 (branch) now includes espressif/esp-idf@35bbd1b