Known Bluetooth controller vulnerabilities



The lower layers of the Bluetooth standard are implemented in the controller firmware, which is updated less frequently than the host and could contain critical vulnerabilities.

Identifying known vulnerabilities is a fundamental step in a security audit. It needs to be verified whether these vulnerabilities affect the analyzed device to avoid false positives.


The enumeration of known vulnerabilities can be done by searching in vulnerability databases or in general-purpose search engines.

It important to verify the applicability of each of the vulnerabilities found against the analyzed device.

Resources that can be useful for the identification of the driver model on the device can be found in the following table:

ID Description
BSAM-RES-01 Physical identification of the controller
BSAM-RES-02 Identify controller through reports

For vulnerability enumeration the following resources may be of interest:

ID Description
BSAM-RES-03 Vulnerability database search

Example case

For an ESP32 Bluetooth controller, the following results have been identified in different search engines:

Known vulnerabilities should be validated and classified to assess which ones affect and which ones are not applicable to our device.