MidnightBSD

Advisories for actions-semi

CVE-2021-31785 MEDIUM

The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-667,

Products Affected

Vendor Product Version
actions-semi ats2815_firmware -
actions-semi ats2819t_firmware -
actions-semi ats2819p_firmware -
actions-semi ats2819_firmware -
actions-semi ats2819s_firmware -
CVE-2021-31786 MEDIUM

The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-667,

Products Affected

Vendor Product Version
actions-semi ats2815_firmware -
actions-semi ats2819t_firmware -
actions-semi ats2819p_firmware -
actions-semi ats2819_firmware -
actions-semi ats2819s_firmware -
CVE-2021-31787 MEDIUM

The Bluetooth Classic implementation on Actions ATS2815 chipsets does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown of a device by flooding the target device with LMP_features_res packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
actions-semi ats2815_firmware -
actions-semi ats2819t_firmware -
actions-semi ats2819p_firmware -
actions-semi ats2819_firmware -
actions-semi ats2819s_firmware -