LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47620: Bluetooth: refactor malicious adv data check

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: refactor malicious adv data check Check for out-of-bound read was being performed at the end of while num_reports loop, and would fill journal with false positives. Added check to beginning of loop processing so that it doesn't get checked after ptr has been advanced.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel Bluetooth issue in how advertising report data was checked. The source says the prior check could occur after a pointer advanced, producing out-of-bounds read concerns and noisy journal false positives. No CVSS score, CWE, or active exploitation evidence is provided.

Executive priority

Moderate operational priority, but risk cannot be scored from the bundle. Patch through normal kernel maintenance, prioritizing Bluetooth-enabled endpoints and appliances. No emergency response is justified without additional exploitation evidence.

Technical view

The fix refactors the Bluetooth malicious advertising data check so bounds validation happens at the beginning of each report-processing loop, not after advancing the pointer. The bundle identifies Linux kernel stable commits and fixed stable versions, but does not provide a complete conventional affected-version range.

Likely exposure

Exposure is limited to Linux systems using the kernel Bluetooth stack that process Bluetooth advertising reports. The provided data does not establish whether Bluetooth must be enabled, local proximity is required, or which downstream distribution kernels are affected.

Exploitation context

The bundle does not cite KEV, public exploitation, exploit code, or weaponization. Treat exploitation status as not demonstrated from the provided evidence.

Researcher notes

Key uncertainty is impact. The text describes an out-of-bounds read check placement and journal false positives, but not attacker prerequisites, reachable paths, crashability, data exposure, or affected ranges beyond Linux stable references.

Mitigation direction

  • Apply vendor or distribution kernel updates containing the referenced Bluetooth stable fix.
  • Confirm whether supported distro kernels have backported the fix.
  • Prioritize systems where Bluetooth is enabled or operationally exposed.
  • Track vendor advisories because the bundle lacks a full affected-version range.

Validation and detection

  • Inventory Linux assets with Bluetooth hardware, services, or kernel modules enabled.
  • Compare running kernel builds against vendor advisories and referenced stable commits.
  • Check kernel package changelogs for this CVE or the Bluetooth fix title.
  • Review logs for related Bluetooth warnings, without treating noise as confirmed compromise.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-47620 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
10Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux048acfa4daf167b007b6bd8bef474e90c2282a5f, 7d4238edd3bf8b8c75571cc3b382bc10438ac588, 185c77cbb53bc7481acc5a0b4e6119bbe393d561, 4a1491432394b22e585a185ffca49086e4046aae, 24161b9c43de966789d5956428f45002d10f878e, ffc9019bd991707701273c2e5d8aed472229fc4d, 2de0e6a71ceb056e17e4684dce8b7640367996f9, 640a476e38fce6c70c738ac09e5167e34f570303, 3a56ef719f0b9682afb8a86d64b2399e36faa4e6unaffected
LinuxLinux4.4.300, 4.9.298, 4.14.263, 4.19.226, 5.4.174, 5.10.94, 5.15.17, 5.16.3unaffected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.