CVE-2021-26950

Vulnerability

An out-of-bounds read vulnerability exists in the firmware of certain Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products [1]. Affected versions are those before version 22.120. The flaw is reachable when an authenticated user sends a crafted request that leads to reading memory beyond an allocated buffer boundary, potentially crashing the device or causing a denial of service.

Exploitation

Exploitation requires local access and authentication as a user on the system [1]. The attacker must be able to send specially crafted Bluetooth commands to the affected firmware. No additional network privileges or user interaction beyond authentication are needed to trigger the out-of-bounds read.

Impact

Successful exploitation can cause the Bluetooth firmware to read out-of-bounds memory, leading to a denial of service (system hang or crash) [1]. No information disclosure or privilege escalation is implied by the advisory; the primary impact is availability degradation.

Mitigation

Intel released version 22.120 of the Bluetooth firmware to address this vulnerability [1]. Users should update their firmware through the manufacturer's recommended update mechanism. No workarounds are documented; applying the fixed firmware is the only mitigation.