New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
Posted: Thu Sep 09, 2021 4:44 am
by axellin
Re: New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
Posted: Thu Sep 09, 2021 4:50 am
by ESP_Sprite
No need to wait on the esp-idf side of things, we already have fixes, as indicated in our advisory on the matter.
Re: New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
Posted: Thu Sep 09, 2021 4:59 am
by axellin
ESP_Sprite wrote: ↑Thu Sep 09, 2021 4:50 am
No need to wait on the esp-idf side of things, we already have fixes, as indicated in our advisory on the matter.
I don't get it.
The fix is just comments?
https://github.com/espressif/esp-idf/co ... d7be653471
Re: New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
Posted: Thu Sep 09, 2021 5:42 am
by ESP_Sprite
My guess is that that is simply the final commit of a series that have solved this issue, but I'm not sure; let me ask the dev responsible.
Edit: Looks like it; this one is related and does have actual code changes.
Re: New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
Posted: Thu Sep 09, 2021 1:21 pm
by axellin
I misread the advisory document and thought the commit id is the fix.
It actually means all fixes are included if you sync to that commit id.
BTW, it would be helpful if the developers can add the fixed CVE numbers in the commit log in the future.
(Especially for a closed-source library, it's difficult to know if a CVE is fixed or not).
Re: New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
Posted: Fri Sep 10, 2021 1:10 am
by ESP_Sprite
axellin wrote: ↑Thu Sep 09, 2021 1:21 pm
BTW, it would be helpful if the developers can add the fixed CVE numbers in the commit log in the future.
(Especially for a closed-source library, it's difficult to know if a CVE is fixed or not).
I agree with you there; I've internally passed the request on to the relevant teams.
Re: New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
Posted: Fri Sep 24, 2021 4:38 am
by mendesgeo
Hi, the specific commit which fixes all BrakTooth BT issues on ESP32 is this one:
https://github.com/espressif/esp-idf/co ... 598d9fc172