HBSA-2025-0002

Vulnerability from csaf_harmaninternational - Published: 2025-12-10 07:00 - Updated: 2025-12-10 07:00
Summary
BLE ICM Vulnerability in JBL Headphones
Severity
6.5 (medium)
Notes
Summary: The BLE controller in certain consumer products fails to properly validate the channel map field in connection requests, enabling attackers within radio range to cause a denial of service through a specially crafted packet.
Impact: Sending an invalid connection request to a JBL Bluetooth Speaker causes it to crash or enter a deadlock state, halting music playback and disconnecting existing connections. Recovery requires manual reboot by the user, as reconnection is impossible in this state.
Remediation: No remediation is available as of now. A manual reboot of the device by the user is required to restore functionality.
CWE-1287 - Improper Validation of Specified Type of Input
None Available: No fix available
Affected products
Product Identifier Version Remediation
JBL Flip 5
JBL
JBL Flip 6
JBL
JBL Pulse 4
JBL
JBL Pulse 5
JBL
JBL Boombox 2
JBL
JBL Boombox 3
JBL
JBL Xtreme 3
JBL
Acknowledgments
CERT@VDE certvde.com
Hummus Sec Mattar Bernhard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordinating",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Mattar Bernhard"
        ],
        "organization": "Hummus Sec",
        "summary": "reporting"
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
      "text": "6.5 (Medium)"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The BLE controller in certain consumer products fails to properly validate the channel map field in connection requests, enabling attackers within radio range to cause a denial of service through a specially crafted packet. ",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Sending an invalid connection request to a JBL Bluetooth Speaker causes it to crash or enter a deadlock state, halting music playback and disconnecting existing connections. Recovery requires manual reboot by the user, as reconnection is impossible in this state. ",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "No remediation is available as of now. A manual reboot of the device by the user is required to restore functionality.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productsecurity@harman.com",
      "name": "Harman International",
      "namespace": "https://www.harman.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Harman",
        "url": "https://certvde.com/en/advisories/vendor/harmann/"
      },
      {
        "category": "self",
        "summary": "HBSA-2025-0002: BLE ICM Vulnerability in JBL Headphones - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2025-089"
      },
      {
        "category": "self",
        "summary": "HBSA-2025-0002: BLE ICM Vulnerability in JBL Headphones - CSAF",
        "url": "https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0002.json"
      }
    ],
    "title": "BLE ICM Vulnerability in JBL Headphones",
    "tracking": {
      "aliases": [
        "VDE-2025-089"
      ],
      "current_release_date": "2025-12-10T07:00:00.000Z",
      "generator": {
        "date": "2025-12-08T12:02:07.922Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.40"
        }
      },
      "id": "HBSA-2025-0002",
      "initial_release_date": "2025-12-10T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-12-10T07:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Flip 5",
            "product": {
              "name": "JBL Flip 5",
              "product_id": "CSAFPID-1101",
              "product_identification_helper": {
                "skus": [
                  "050036359160",
                  "050036359177",
                  "050036359184",
                  "050036359191",
                  "050036359207",
                  "050036359214",
                  "050036359221",
                  "050036359238",
                  "050036359245",
                  "050036359252",
                  "050036359276",
                  "050036359283",
                  "050036359290",
                  "050036359290",
                  "050036359306",
                  "050036359313",
                  "050036359320",
                  "050036359337",
                  "050036359344",
                  "050036359351",
                  "050036359481",
                  "050036359498",
                  "050036361088",
                  "050036367738",
                  "050036367745",
                  "050036367752",
                  "050036367769",
                  "050036367776",
                  "050036367783",
                  "050036367790",
                  "050036367806",
                  "050036367813",
                  "050036367820",
                  "050036367837",
                  "050036370325",
                  "050036370332",
                  "050036370349",
                  "050036370356",
                  "050036372053",
                  "050036372060",
                  "050036376020",
                  "050036377379",
                  "050036377386",
                  "050036377393",
                  "050036386289",
                  "050036397346",
                  "050036397346",
                  "1200130001710",
                  "1200130004018",
                  "1200130004018",
                  "1200130005343",
                  "4968929055777",
                  "4968929055784",
                  "4968929055791",
                  "4968929055807",
                  "4968929055814",
                  "4968929055821",
                  "4968929055838",
                  "4968929055845",
                  "4968929055852",
                  "4968929055869",
                  "4968929055999",
                  "4968929068555",
                  "6925281954566",
                  "6925281954573",
                  "6925281954573",
                  "6925281954580",
                  "6925281954580",
                  "6925281954597",
                  "6925281954597",
                  "6925281954603",
                  "6925281954610",
                  "6925281954627",
                  "6925281954634",
                  "6925281954641",
                  "6925281954658",
                  "6925281954672",
                  "6925281954689",
                  "6925281954696",
                  "6925281954702",
                  "6925281954719",
                  "6925281954726",
                  "6925281954733",
                  "6925281954740",
                  "6925281954757",
                  "6925281954894",
                  "6925281954900",
                  "6925281971037",
                  "6925281971044",
                  "6925281973406",
                  "6925281973703",
                  "6925281973727",
                  "6925281973789",
                  "6925281973796",
                  "6925281973802",
                  "6925281973819",
                  "6925281973826",
                  "6925281973833",
                  "6925281977695",
                  "6925281985607",
                  "6925281997709",
                  "7896359562787",
                  "7896359562794",
                  "7896359562800",
                  "7896359562817",
                  "7896359562824"
                ]
              }
            }
          },
          {
            "category": "product_name",
            "name": "Flip 6",
            "product": {
              "name": "JBL Flip 6",
              "product_id": "CSAFPID-1102",
              "product_identification_helper": {
                "skus": [
                  "050036384315",
                  "050036384315",
                  "050036384322",
                  "050036384322",
                  "050036384339",
                  "050036384339",
                  "050036384346",
                  "050036384346",
                  "050036384353",
                  "050036384360",
                  "050036384377",
                  "050036384384",
                  "050036384391",
                  "050036384407",
                  "050036384414",
                  "050036384421",
                  "050036384438",
                  "050036384445",
                  "050036384452",
                  "050036384469",
                  "050036384476",
                  "050036384483",
                  "050036385220",
                  "050036386784",
                  "050036386807",
                  "050036392501",
                  "050036392556",
                  "050036392563",
                  "050036392679",
                  "050036392808",
                  "1200130001413",
                  "4968929214204",
                  "4968929214211",
                  "4968929214228",
                  "4968929214235",
                  "4968929214242",
                  "4968929214266",
                  "4968929214273",
                  "4968929214280",
                  "6925281942662",
                  "6925281992971",
                  "6925281992971",
                  "6925281992988",
                  "6925281992995",
                  "6925281992995",
                  "6925281993008",
                  "6925281993015",
                  "6925281993039",
                  "6925281993046",
                  "6925281993053",
                  "6925281993077",
                  "6925281993107",
                  "6925281993138",
                  "6925281993145",
                  "6925281994258",
                  "6925281995163",
                  "6925281995170",
                  "6925281995217",
                  "6925281995224",
                  "6925281995767"
                ]
              }
            }
          },
          {
            "category": "product_name",
            "name": "Pulse 4",
            "product": {
              "name": "JBL Pulse 4",
              "product_id": "CSAFPID-1103",
              "product_identification_helper": {
                "skus": [
                  "050036362320",
                  "050036370608",
                  "050036362306",
                  "050036362290",
                  "050036370615",
                  "050036362313",
                  "6925281958342",
                  "7896359564729",
                  "6925281958328",
                  "6925281958311",
                  "6925281974533",
                  "6925281958335",
                  "6925281973772",
                  "4968929056897",
                  "4968929056880"
                ]
              }
            }
          },
          {
            "category": "product_name",
            "name": "Pulse 5",
            "product": {
              "name": "JBL Pulse 5",
              "product_id": "CSAFPID-1104",
              "product_identification_helper": {
                "skus": [
                  "50036389693",
                  "50036389730",
                  "50036393683",
                  "4968929215959",
                  "6925281900969",
                  "6925281967849",
                  "6925281999574"
                ]
              }
            }
          },
          {
            "category": "product_name",
            "name": "Boombox 2",
            "product": {
              "name": "JBL Boombox 2",
              "product_id": "CSAFPID-1105",
              "product_identification_helper": {
                "skus": [
                  "050036368674",
                  "050036368681",
                  "050036368698",
                  "050036368704",
                  "050036368711",
                  "050036368728",
                  "050036368728",
                  "050036368735",
                  "050036368742",
                  "050036368759",
                  "050036368766",
                  "050036368773",
                  "050036368780",
                  "050036368797",
                  "050036368803",
                  "050036376006",
                  "050036376013",
                  "050036381024",
                  "050036381031",
                  "4968929059614",
                  "4968929059621",
                  "6925281967955",
                  "6925281967962",
                  "6925281967979",
                  "6925281967986",
                  "6925281967993",
                  "6925281968006",
                  "6925281968006",
                  "6925281968013",
                  "6925281968037",
                  "6925281968051",
                  "6925281968051",
                  "6925281968068",
                  "6925281968075",
                  "6925281968082",
                  "6925281968112",
                  "6925281968112",
                  "6925281968129",
                  "6925281980701",
                  "6925281983702",
                  "6925281983719",
                  "6925281985058",
                  "6925281996177",
                  "6925281997716",
                  "7896359566044",
                  "7896359568185",
                  "9346112023348"
                ]
              }
            }
          },
          {
            "category": "product_name",
            "name": "Boombox 3",
            "product": {
              "name": "JBL Boombox 3",
              "product_id": "CSAFPID-1106",
              "product_identification_helper": {
                "skus": [
                  "050036389075",
                  "050036389082",
                  "050036389099",
                  "050036389105",
                  "050036392815",
                  "4968929215423",
                  "4968929215430",
                  "50036389099",
                  "50036389105",
                  "50036389112",
                  "50036389129",
                  "50036389136",
                  "50036389143",
                  "50036389150",
                  "50036389167",
                  "50036389174",
                  "50036389174",
                  "50036389181",
                  "50036389181",
                  "50036389198",
                  "50036389204",
                  "50036389211",
                  "50036389228",
                  "50036389235",
                  "50036389242",
                  "50036392983",
                  "6925281975578",
                  "6925281975684",
                  "6925281977916",
                  "6925281977923",
                  "6925281998744",
                  "6925281998751",
                  "6925281998768",
                  "6925281998768",
                  "6925281998775",
                  "6925281998775",
                  "6925281998782",
                  "6925281998799",
                  "6925281998805",
                  "6925281998812",
                  "6925281998829",
                  "6925281998836",
                  "6925281998843",
                  "6925281998843",
                  "6925281998843",
                  "6925281998850",
                  "6925281998850",
                  "6925281998850",
                  "6925281998867",
                  "6925281998874",
                  "6925281998881",
                  "6925281998898",
                  "6925281998904",
                  "6925281998911",
                  "9346112036607"
                ]
              }
            }
          },
          {
            "category": "product_name",
            "name": "Xtreme 3",
            "product": {
              "name": "JBL Xtreme 3",
              "product_id": "CSAFPID-1107",
              "product_identification_helper": {
                "skus": [
                  "050036375115",
                  "050036375054",
                  "050036375061",
                  "050036375078",
                  "050036375085",
                  "050036375092",
                  "050036375108",
                  "050036375115",
                  "050036375122",
                  "050036375139",
                  "050036375146",
                  "050036375153",
                  "050036375160",
                  "050036375177",
                  "050036375184",
                  "050036375191",
                  "050036375207",
                  "050036375214",
                  "050036375221",
                  "050036375238",
                  "050036375245",
                  "050036375252",
                  "050036375269",
                  "050036375276",
                  "050036375283",
                  "050036376907",
                  "050036376914",
                  "050036376921",
                  "050036381826",
                  "050036381833",
                  "050036381840",
                  "050036381857",
                  "050036386302",
                  "050036386319",
                  "050036386326",
                  "4968929078424",
                  "4968929078431",
                  "4968929078448",
                  "6925281977459",
                  "6925281977466",
                  "6925281977473",
                  "6925281977480",
                  "6925281977497",
                  "6925281977503",
                  "6925281977510",
                  "6925281977527",
                  "6925281977534",
                  "6925281977541",
                  "6925281977558",
                  "6925281977565",
                  "6925281977572",
                  "6925281977589",
                  "6925281977596",
                  "6925281977602",
                  "6925281977602",
                  "6925281977619",
                  "6925281977619",
                  "6925281977626",
                  "6925281977633",
                  "6925281977640",
                  "6925281977657",
                  "6925281977664",
                  "6925281977671",
                  "6925281977688",
                  "6925281984945",
                  "6925281984952",
                  "6925281984969",
                  "6925281984976",
                  "6925281989858",
                  "6925281989865",
                  "6925281991080",
                  "6925281992575",
                  "6925281994326",
                  "6925281999994",
                  "7896359567355",
                  "7896359567362",
                  "9346112016715",
                  "9346112030964"
                ]
              }
            }
          }
        ],
        "category": "vendor",
        "name": "JBL"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-1101",
          "CSAFPID-1102",
          "CSAFPID-1103",
          "CSAFPID-1104",
          "CSAFPID-1105",
          "CSAFPID-1106",
          "CSAFPID-1107"
        ],
        "summary": "Affected products."
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Mattar Bernhard"
          ],
          "organization": "Hummus Sec",
          "summary": "reporting"
        }
      ],
      "cve": "CVE-2024-2105",
      "cwe": {
        "id": "CWE-1287",
        "name": "Improper Validation of Specified Type of Input"
      },
      "discovery_date": "2023-08-10T10:00:00.000Z",
      "notes": [
        {
          "audience": "all",
          "category": "general",
          "text": "An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.",
          "title": "Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1101",
          "CSAFPID-1102",
          "CSAFPID-1103",
          "CSAFPID-1104",
          "CSAFPID-1105",
          "CSAFPID-1106",
          "CSAFPID-1107"
        ]
      },
      "release_date": "2024-03-01T11:00:00.000Z",
      "remediations": [
        {
          "category": "none_available",
          "date": "2025-07-01T10:00:00.000Z",
          "details": "No fix available",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1101",
            "CSAFPID-1102",
            "CSAFPID-1103",
            "CSAFPID-1104",
            "CSAFPID-1105",
            "CSAFPID-1106",
            "CSAFPID-1107"
          ]
        }
      ],
      "title": "JBL: Improper validation of ICM field in connection requests"
    }
  ]
}

