CVE-2022-31364 – CVE-2022-31364 is a buffer overflow vulnerabili... (How to Fix)

Q: What is the severity of CVE-2022-31364?

CVE-2022-31364 has a CVSS score of 8.2 (HIGH). CVE-2022-31364 is a buffer overflow vulnerability in Cypress Bluetooth Mesh SDK that allows remote attackers to execute arbitrary code by sending specially crafted segmented packets. This affects devices using the vulnerable SDK version for Bluetooth Mesh networking. Organizations using Cypress Bluetooth Mesh SDK in IoT devices, industrial systems, or consumer electronics are at risk.

📋 TL;DR

CVE-2022-31364 is a buffer overflow vulnerability in Cypress Bluetooth Mesh SDK that allows remote attackers to execute arbitrary code by sending specially crafted segmented packets. This affects devices using the vulnerable SDK version for Bluetooth Mesh networking. Organizations using Cypress Bluetooth Mesh SDK in IoT devices, industrial systems, or consumer electronics are at risk.

💻 Affected Systems

Products:

Cypress Bluetooth Mesh SDK
Devices using Cypress Bluetooth Mesh SDK

Versions: BSA0107_05.01.00-BX8-AMESH-08 and potentially earlier versions

Operating Systems: Embedded systems using Cypress Bluetooth chips

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the lower_transport_layer_on_seg function when processing segmented packets with inconsistent SegN values.

📦 What is this software?

Cypress Bluetooth Mesh Software Development Kit by Infineon

View all CVEs affecting Cypress Bluetooth Mesh Software Development Kit →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, lateral movement within Bluetooth mesh networks, and potential physical safety risks in industrial/medical applications.

🟠

Likely Case

Device crash/reboot leading to denial of service, potential data leakage from memory corruption, and limited code execution in constrained environments.

🟢

If Mitigated

Denial of service from packet rejection, no code execution if memory protections are enabled and segmentation fault handling is robust.

🌐 Internet-Facing: MEDIUM - Requires Bluetooth proximity or gateway access, but mesh networks can extend attack surface beyond direct Bluetooth range.

🏢 Internal Only: HIGH - Bluetooth mesh networks often operate in internal/industrial environments where devices may be physically accessible or mesh traffic can propagate.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending crafted Bluetooth mesh packets but doesn't require authentication. Buffer overflow in segmented packet handling provides code execution opportunity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Infineon/Cypress for updated SDK version

Vendor Advisory: https://www.infineon.com/

Restart Required: Yes

Instructions:

1. Contact Infineon/Cypress for updated Bluetooth Mesh SDK. 2. Update affected devices with patched firmware. 3. Recompile and redeploy applications using the SDK. 4. Restart devices to apply new firmware.

🔧 Temporary Workarounds

Segmented Packet Filtering

all

Implement network filtering to drop Bluetooth mesh packets with inconsistent SegN values before they reach vulnerable devices.

Bluetooth Mesh Network Segmentation

all

Isolate vulnerable devices in separate Bluetooth mesh subnetworks to limit attack propagation.

🧯 If You Can't Patch

Implement network monitoring for abnormal Bluetooth mesh packet patterns and SegN inconsistencies
Deploy devices in physically secured areas with limited Bluetooth range to reduce attack surface

🔍 How to Verify

Check if Vulnerable:

Check device firmware version and SDK version. If using BSA0107_05.01.00-BX8-AMESH-08 or earlier Cypress Bluetooth Mesh SDK, assume vulnerable.

Check Version:

Device-specific command to check firmware/SDK version (varies by implementation)

Verify Fix Applied:

Verify updated SDK version from vendor and confirm devices are running patched firmware. Test with segmented packet transmission to ensure proper handling.

📡 Detection & Monitoring

Log Indicators:

Device crashes/reboots
Memory corruption errors in system logs
Abnormal Bluetooth mesh packet processing errors

Network Indicators:

Unusual volume of segmented Bluetooth mesh packets
Packets with inconsistent SegN values in mesh traffic

SIEM Query:

Example: 'bluetooth mesh segmented packet anomaly' OR 'device crash after mesh packet reception'

📊 Metadata

CVE ID: CVE-2022-31364

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

CWE: CWE-787

Published: February 1, 2023

Last Updated: March 27, 2025

🔗 References

https://docs.google.com/document/d/1tCJg1uBYtfx4SNvewWPNXd7PB6Z__iiG/edit Exploit,Third Party Advisory
https://docs.google.com/document/d/1tCJg1uBYtfx4SNvewWPNXd7PB6Z__iiG/edit Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-31364, you might also want to check these: