This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Bluetooth vulnerability - Bluetooth implementations may not sufficiently validate elliptic curve parameters

Hello,

Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange - any fix from TI for bluetopia stack

We are using Bluetopia stack for TI Wilink8 hardware. Bluetopia stack version is 4.0.2.0.1U. There is a vulnerability reported in bluetooth recently. I wanted to check if it is valid for this bluetopia stack?

The following link gives more information.

  

Ref:

https://www.kb.cert.org/vuls/id/304725

https://www.heise.de/security/meldung/Bluetooth-Luecke-in-Millionen-Geraeten-entdeckt-4118968.html

 

What are the solutions, if stack is affected?

Your soon feedback is highly appreciated!

 

Thanks and regards,

Salman