
CVE-2021-33139: denial of service in Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products

Severity: Medium
Type: Vulnerability
Published: Wed Feb 09 2022 (02/09/2022, 22:04:44 UTC)
Source: CVE
Vendor/Project: n/a
Product: Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products

Description

Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access.

AI-Powered Analysis

Last updated: 07/06/2025, 22:28:35 UTC

Technical Analysis

CVE-2021-33139 is a medium severity vulnerability affecting Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products with firmware versions prior to 22.100. The flaw arises from improper conditions checking in the firmware, which can be exploited by an authenticated user with adjacent access to the vulnerable Bluetooth device. Specifically, the vulnerability allows an attacker to trigger a denial of service (DoS) condition, causing the Bluetooth functionality to become unavailable. The vulnerability is classified under CWE-754, indicating an improper condition check that leads to unexpected behavior. The CVSS v3.1 base score is 5.7, reflecting a medium severity level, with the vector AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. This means the attack requires adjacent network access (Bluetooth range), low attack complexity, low privileges (an authenticated user), and no user interaction, and that it impacts availability only, without affecting confidentiality or integrity. No known exploits are currently reported in the wild, and no official patch links were provided in the source information, though updating to firmware version 22.100 or later presumably addresses the issue. The vulnerability could be leveraged by attackers in physical proximity or within Bluetooth range to disrupt wireless communication capabilities of affected devices, potentially impacting business operations relying on Bluetooth connectivity.

Potential Impact

For European organizations, this vulnerability could disrupt critical wireless communication channels that rely on Intel or Killer Bluetooth hardware, which are commonly integrated in laptops, desktops, and other endpoint devices. The denial of service could interrupt peripheral connectivity such as keyboards, mice, headsets, or data transfer devices, leading to reduced productivity and operational delays. In sectors like finance, healthcare, manufacturing, and government, where reliable device connectivity is essential, such disruptions could degrade service quality or delay critical tasks. Although the vulnerability does not compromise data confidentiality or integrity, the availability impact could be significant in environments with high reliance on Bluetooth-enabled devices. Additionally, the requirement for authenticated adjacent access limits remote exploitation, but insider threats or attackers with physical proximity could exploit this flaw. The lack of known exploits reduces immediate risk but does not eliminate the potential for future attacks, especially in dense office environments or public spaces where Bluetooth devices are prevalent.

Mitigation Recommendations

European organizations should ensure that all affected Intel Wireless Bluetooth and Killer Bluetooth devices are updated to firmware version 22.100 or later, where this vulnerability is addressed. Since no direct patch links were provided, organizations should obtain firmware updates from official Intel or device manufacturer channels. Network administrators should implement strict access controls to limit Bluetooth pairing and connections to trusted devices only, reducing the risk of unauthorized authenticated access. Additionally, disabling Bluetooth functionality on devices where it is not required can minimize the attack surface. Endpoint security policies should include monitoring for unusual Bluetooth device behavior or frequent disconnections that may indicate exploitation attempts. Physical security controls to prevent unauthorized proximity to sensitive devices can further reduce risk. Finally, organizations should educate users about the risks of pairing with unknown Bluetooth devices and enforce policies to avoid connecting to untrusted peripherals.


Technical Details

Data Version: 5.1
Assigner Short Name: intel
Date Reserved: 2021-05-18T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d981ec4522896dcbdbb67

Added to database: 5/21/2025, 9:08:46 AM

Last enriched: 7/6/2025, 10:28:35 PM

Last updated: 8/18/2025, 4:51:06 AM
