CVE-2021-31615
PUBLISHED
Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.
Risk Scores
EPSS Score: 0.25% · 48.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | linux-oracle | 5.4.0-1145.155, 5.4.0-1103.112, 5.4.0-1102.111 |
| Ubuntu:16.04:LTS | linux-hwe-edge | 4.15.0-23.25~16.04.1, *, * |
| Ubuntu:20.04:LTS | linux-gkeop-5.15 | *, *, * |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 0, 5.15.0-1073.75 |
| Ubuntu:Pro:20.04:LTS | linux-gcp | 5.4.0-1086.94, 5.4.0-1111.120, 5.4.0-1146.155 |
| Ubuntu:24.04:LTS | linux-riscv | 6.8.0-55.57.1, 6.8.0-36.36.1, 6.8.0-39.39.1 |
| Ubuntu:Pro:FIPS-preview:22.04:LTS | linux-azure-fips | 5.15.0-1053.61+fips1, 0 |
| Ubuntu:20.04:LTS | linux-aws-5.8 | 5.8.0-1038.40~20.04.1, 0, * |
| Ubuntu:25.10 | linux-gcp | 6.17.0-1001.1, 6.17.0-1002.2, 6.17.0-1003.3 |
| Ubuntu:Pro:16.04:LTS | linux-kvm | 4.4.0-1040.46, 4.4.0-1041.47, 4.4.0-1043.49 |
| Ubuntu:Pro:18.04:LTS | linux-aws-5.4 | 5.4.0-1093.102~18.04.2, 5.4.0-1112.121~18.04.2, 5.4.0-1113.123~18.04.1 |
| Ubuntu:22.04:LTS | linux-oracle-6.8 | 6.8.0-1016.17~22.04.1, 6.8.0-1010.10~22.04.1, 6.8.0-1008.8~22.04.1 |
| Ubuntu:22.04:LTS | linux-lowlatency-hwe-6.5 | 0, 6.5.0-26.26.1~22.04.1, * |
| Ubuntu:Pro:20.04:LTS | linux-hwe-5.15 | 5.15.0-113.123~20.04.1, 5.15.0-106.116~20.04.1, 5.15.0-153.163~20.04.1 |
| Ubuntu:22.04:LTS | linux-azure-6.8 | 6.8.0-1041.47~22.04.1, *, 6.8.0-1044.50~22.04.1 |
| Ubuntu:Pro:20.04:LTS | linux-ibm | 5.4.0-1032.36, 0, 5.4.0-1003.4 |
| Ubuntu:24.04:LTS | linux-aws-6.14 | 6.14.0-1009.9~24.04.1, 6.14.0-1010.10~24.04.1, 6.14.0-1012.12~24.04.1 |
| Ubuntu:22.04:LTS | linux-oracle-6.5 | *, 6.5.0-1027.27~22.04.1, 6.5.0-1025.25~22.04.1 |
| Ubuntu:22.04:LTS | linux-aws-6.5 | 6.5.0-1008.8~22.04.1, 6.5.0-1011.11~22.04.1, 6.5.0-1012.12~22.04.1 |
| Ubuntu:22.04:LTS | linux-oem-6.5 | 6.5.0-1014.15, 6.5.0-1015.16, 6.5.0-1018.19 |
…and 219 more
Timeline
- Jun 25, 2021 CVE Published
- Jun 26, 2021 EPSS Score
- Aug 25, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 24, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 22, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 23, 2022 EPSS Score
- Jun 23, 2022 EPSS Score
- Aug 23, 2022 EPSS Score
- Oct 22, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-31615 third-party-advisory
- https://bluetooth.com third-party-advisory
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-31615 third-party-advisory