SWRZ164A August 2024 – September 2024 CC1352P , CC1352P7 , CC1352R , CC2340R5 , CC2340R5-Q1 , CC2640R2F , CC2640R2F-Q1 , CC2640R2L , CC2642R , CC2642R-Q1 , CC2651P3 , CC2651R3 , CC2651R3SIPA , CC2652P , CC2652P7 , CC2652PSIP , CC2652R , CC2652R7 , CC2652RSIP
Bluetooth resolvable Random Private Address (RPA) enables mitigations towards malicious third-parties from tracking a Bluetooth device while still allowing one or more already bonded devices (trusted parties) to identify the Bluetooth device of interest. The RPA address is resolvable using a key (referred to as Identity Resolving Key - IRK) shared with the already bonded devices.
One of the Bluetooth LE fuzz tests causes the Bluetooth LE DUT (device under test) using RPA for connectable advertising, to end up generating unresolvable RPAs after a while. This leads to causing DoS for the already bonded peer devices until the next valid RPA is generated (15 minutes by default).