Security News > 2021 > June > Vulnerabilities in Zephyr's Bluetooth LE Stack May Lead to DoS Attacks
Multiple vulnerabilities recently patched in Zephyr's Bluetooth LE stack could be exploited to cause denial of service conditions, prevent further connections, or even leak sensitive information, according to a warning from researchers at the Synopsys Cybersecurity Research Center.
The platform includes support for multiple network protocols, including the full Bluetooth LE stack.
The Bluetooth LE Link Layer and L2CAP implementations, Synopsys CyRC security researcher Matias Karhumaa discovered, were impacted by eight vulnerabilities that mainly provided attackers with the ability to freeze vulnerable devices when within Bluetooth LE range.
"All of the reported vulnerabilities can be triggered from within the range of Bluetooth LE. Triggering the vulnerability does not require authentication or encryption. The only requirement is that the device is in advertising mode and accepting connections," the researcher explained.
Six of the eight vulnerabilities could be exploited to cause a denial of service condition or freeze the target device, one could lead to deadlock, and another to information leakage.
The vulnerabilities were reported to the Zephyr security team on March 11 and were addressed with the release of Zephyr 2.6.0 on June 5.
News URL
Related news
- New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems (source)
- New ‘Loop DoS’ attack may impact up to 300,000 online systems (source)
- Some 300,000 IPs vulnerable to this Loop DoS attack (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- New HTTP/2 DoS attack can crash web servers with a single connection (source)