NXP PSIRT was informed by security researchers about two Denial of Service (DoS) vulnerabilities which can cause crashes or message-dependent deadlocks in certain Bluetooth Low Energy (Bluetooth LE) implementations of the MCUXpresso Software Development Kit (SDK). The specific software vulnerabilities are:


  • Link Layer Length Overflow (CVE-2019-17519)

If the SoC receives a Bluetooth LE Link Layer (LL) packet with a length greater than expected, the packet is not discarded and causes the SoC to crash.

  • Link Layer Deadlock (CVE-2019-17060)

If the SoC receives a Bluetooth LE packet with a Link Layer ID (LLID) = 0, then memory content adjacent to the packet receive buffer is overwritten, which causes the Bluetooth LE stack to malfunction and enter a deadlock.
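Added example, not code from NXP or the MCUXpresso SDK: a Link Layer receive-path check in C that rejects both malformed inputs described above before anything is copied into the receive buffer. It assumes a 2-octet data-channel PDU header (LLID in bits 0-1 of the first octet, payload length in the second) and a 27-octet receive buffer; LL_RX_PAYLOAD_MAX and the sample PDUs are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed receive-buffer capacity (27 octets is the pre-4.2 LE data PDU
 * payload maximum); a real stack substitutes its own buffer size. */
#define LL_HEADER_LEN     2u
#define LL_RX_PAYLOAD_MAX 27u

enum ll_rx_result {
    LL_RX_OK = 0,
    LL_RX_ERR_TRUNCATED,        /* fewer octets received than the header claims */
    LL_RX_ERR_LLID_RESERVED,    /* LLID 0b00 is reserved for data-channel PDUs */
    LL_RX_ERR_LENGTH_OVERFLOW   /* advertised length exceeds the receive buffer */
};

typedef struct {
    uint8_t llid, length;
    uint8_t payload[LL_RX_PAYLOAD_MAX];
} ll_rx_pdu_t;

/* Validate a raw LE data-channel PDU (2-octet header + payload) before it is
 * copied into the fixed-size receive buffer. Both header fields arrive from
 * the air under the sender's control, so the length is bounded by the buffer
 * capacity and the reserved LLID is rejected rather than acted upon. */
enum ll_rx_result ll_rx_validate_and_copy(const uint8_t *raw, size_t raw_len,
                                          ll_rx_pdu_t *out)
{
    if (raw_len < LL_HEADER_LEN) return LL_RX_ERR_TRUNCATED;
    uint8_t llid = raw[0] & 0x03, length = raw[1];
    if (llid == 0) return LL_RX_ERR_LLID_RESERVED;
    if (length > LL_RX_PAYLOAD_MAX) return LL_RX_ERR_LENGTH_OVERFLOW;
    if (raw_len < LL_HEADER_LEN + length) return LL_RX_ERR_TRUNCATED;
    out->llid = llid;
    out->length = length;
    memcpy(out->payload, raw + LL_HEADER_LEN, length);
    return LL_RX_OK;
}

/* Constructed sample PDUs: one valid frame and one for each reject path. */
enum ll_rx_result ll_rx_demo(int which, ll_rx_pdu_t *pdu)
{
    static const uint8_t ok_pdu[]   = {0x02, 0x03, 0xAA, 0xBB, 0xCC}; /* LLID 2, 3 octets */
    static const uint8_t llid0[]    = {0x00, 0x01, 0x00};             /* reserved LLID */
    static const uint8_t oversize[] = {0x01, 0xFF};                   /* claims 255 octets */
    if (which == 0) return ll_rx_validate_and_copy(ok_pdu, sizeof ok_pdu, pdu);
    if (which == 1) return ll_rx_validate_and_copy(llid0, sizeof llid0, pdu);
    return ll_rx_validate_and_copy(oversize, sizeof oversize, pdu);
}
```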


Required Conditions


Exploiting these software vulnerabilities requires the following conditions to be in place:

  • Use of previously impacted versions of the MCUXpresso SDK offering Bluetooth LE support (refer to the table below)
  • An attacker would need to be within radio range of the devices to perform these exploits




NXP has released updated MCUXpresso SDKs with mitigations that address these specific software vulnerabilities and recommends that users update any impacted solutions to the latest respective MCUXpresso SDK versions.


Devices / MCUXpresso SDK Version with the Mitigations

  • 2.2.1 (Released 2019-11-28)
  • 2.6.2 (Released 2019-12-20)
  • 2.2.2 (Released 2019-12-06)


NOTE:  MCUXpresso SDK mitigations for MKW40xxxxx/MKW30xxxxx and K32Wxxxxx devices will be released separately. Other products in our Bluetooth LE portfolio are being analyzed and any future updates will be published on this page.


NOTE: Customers who have previously downloaded the MCUXpresso SDK and have notification preferences turned on (the default) should have automatically received an update on the latest MCUXpresso SDK releases.


Please have the Content update checkbox ticked to allow notifications for future MCUXpresso SDK updates.




The SweynTooth series of vulnerabilities impact many Bluetooth LE stack implementations from other software and device suppliers. NXP strongly encourages users to review all Bluetooth LE stack implementations with their vendors to ensure that they are not impacted by these vulnerabilities.


NXP recommends that users review these descriptions for their specific use cases to ascertain any impact on their own products or end customers and take any necessary actions.





NXP PSIRT would also like to thank Matheus E. Garbelini, Sudipta Chattopadhyay, and Chundong Wang of the Singapore University of Technology and Design for their responsible disclosure.


Additional Information


For additional questions or support please contact your local NXP representative or submit a ticket at




Please note this information is preliminary and subject to change. To the best of NXP's knowledge, the information contained herein is accurate and reliable as of the date of publication; however, NXP does not assume any liability for the accuracy and completeness of the information.


