Skip to main content

CVE-2021-33110: denial of service in Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11

Medium
VulnerabilityCVE-2021-33110cvecve-2021-33110
Published: Wed Feb 09 2022 (02/09/2022, 22:04:39 UTC)
Source: CVE
Vendor/Project: n/a
Product: Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11

Description

Improper input validation for some Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11 before version 22.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

AI-Powered Analysis

AILast updated: 07/06/2025, 22:13:27 UTC

Technical Analysis

CVE-2021-33110 is a vulnerability affecting certain Intel Wireless Bluetooth products and Killer Bluetooth products operating on Windows 10 and Windows 11 systems prior to version 22.80 of the Bluetooth driver or firmware. The root cause is improper input validation, classified under CWE-20, which allows an unauthenticated attacker with adjacent network access (i.e., within Bluetooth radio range) to trigger a denial of service (DoS) condition. Specifically, the attacker can send crafted Bluetooth packets that exploit the input validation flaw, causing the affected Bluetooth driver or service to crash or become unresponsive. This results in the loss of Bluetooth functionality on the targeted device, impacting availability but not confidentiality or integrity. The vulnerability does not require user interaction or authentication, making it easier to exploit in environments where attackers can be physically proximate. The CVSS v3.1 base score is 6.5 (medium severity), reflecting the network attack vector with low complexity, no privileges required, and no user interaction needed, but limited to adjacent access and impacting availability only. No known exploits in the wild have been reported as of the publication date. The vulnerability affects a broad range of devices using Intel Wireless Bluetooth and Killer Bluetooth adapters on Windows 10 and 11, which are common in consumer laptops, business notebooks, and some industrial devices. The lack of a patch link in the provided data suggests users should verify driver versions and update to 22.80 or later to remediate the issue.

Potential Impact

For European organizations, the primary impact is the potential disruption of Bluetooth connectivity on affected devices, which can affect business operations relying on Bluetooth peripherals such as keyboards, mice, headsets, or IoT devices. In environments with high reliance on wireless communication for productivity or operational technology, this DoS could cause temporary loss of service, impacting employee efficiency or critical device functionality. Although the vulnerability does not compromise data confidentiality or integrity, the availability impact could be significant in sectors like manufacturing, healthcare, or logistics where Bluetooth-enabled devices are integral. Additionally, the ease of exploitation without authentication or user interaction means attackers could cause widespread disruption in dense office environments or public spaces. However, the requirement for adjacent access limits remote exploitation, reducing risk from remote attackers. The absence of known exploits in the wild lowers immediate threat but does not eliminate risk, especially if attackers develop proof-of-concept code. Organizations should consider the operational impact of Bluetooth outages and the potential for targeted disruption in sensitive environments.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should: 1) Inventory all devices using Intel Wireless Bluetooth and Killer Bluetooth adapters on Windows 10 and 11 to identify those running affected driver versions prior to 22.80. 2) Update Bluetooth drivers and firmware to version 22.80 or later as soon as updates become available from device manufacturers or Intel to ensure the input validation flaw is corrected. 3) Implement physical security controls to limit unauthorized adjacent access to Bluetooth radios, such as restricting access to sensitive areas and using Bluetooth device management policies. 4) Disable Bluetooth functionality on devices where it is not required to reduce the attack surface. 5) Monitor Bluetooth device logs and Windows event logs for unusual disconnects or crashes that may indicate exploitation attempts. 6) Educate users about the importance of applying driver updates and reporting Bluetooth connectivity issues promptly. 7) Consider deploying endpoint detection and response (EDR) tools capable of detecting anomalous Bluetooth driver behavior. These steps go beyond generic advice by focusing on driver version management, physical access controls, and active monitoring specific to Bluetooth vulnerabilities.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
intel
Date Reserved
2021-05-18T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d981ec4522896dcbdbade

Added to database: 5/21/2025, 9:08:46 AM

Last enriched: 7/6/2025, 10:13:27 PM

Last updated: 8/14/2025, 8:17:50 PM

Views: 11

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats