Hi,
FYI:
https://thehackernews.com/2021/09/new-b ... ns-of.html
https://asset-group.github.io/disclosures/braktooth/
Looking forward to the fixes ASAP.
New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
Re: New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
No need to wait on the esp-idf side of things, we already have fixes, as indicated in our advisory on the matter.
Re: New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
ESP_Sprite wrote: Thu Sep 09, 2021 4:50 am
No need to wait on the esp-idf side of things, we already have fixes, as indicated in our advisory on the matter.

I don't get it.
The fix is just comments?
https://github.com/espressif/esp-idf/co ... d7be653471
Re: New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
My guess is that that is simply the final commit of a series that have solved this issue, but I'm not sure; let me ask the dev responsible.
Edit: Looks like it; this one is related and does have actual code changes.
Re: New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
I misread the advisory document and thought the commit id is the fix.
It actually means all fixes are included if you sync to that commit id.
BTW, it would be helpful if the developers can add the fixed CVE numbers in the commit log in the future.
(Especially for a closed-source library, it's difficult to know if a CVE is fixed or not.)
Re: New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
I agree with you there; I've internally passed the request on to the relevant teams.
Re: New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
Hi, the specific commit which fixes all BrakTooth BT issues on ESP32 is this one:
https://github.com/espressif/esp-idf/co ... 598d9fc172