Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for nova_3_firmware by huawei

    CVE-2020-0069 (GCVE-0-2020-0069)

    Vulnerability from nvd – Published: 2020-03-10 19:56 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of privilege
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    n/a Android Affected: Android kernel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:47:40.759Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2020-03-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0069",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T13:03:30.656110Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0069"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:49.217Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0069"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-0069 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Android",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Android kernel"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-27T11:06:04.000Z",
            "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
            "shortName": "google_android"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://source.android.com/security/bulletin/2020-03-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@android.com",
              "ID": "CVE-2020-0069",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Android kernel"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/2020-03-01",
                  "refsource": "MISC",
                  "url": "https://source.android.com/security/bulletin/2020-03-01"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "assignerShortName": "google_android",
        "cveId": "CVE-2020-0069",
        "datePublished": "2020-03-10T19:56:37.000Z",
        "dateReserved": "2019-10-17T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:49.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0022 (GCVE-0-2020-0022)

    Vulnerability from nvd – Published: 2020-02-13 14:21 – Updated: 2024-08-04 05:47
    VLAI
    Summary
    In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of service
    • CWE-682 - Incorrect Calculation
    Assigner
    Impacted products
    Vendor Product Version
    n/a Android Affected: Android-8.0 Android-8.1 Android-9 Android-10
    google android Affected: 8.0
        cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    google android Affected: 9.0
        cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
    Create a notification for this product.
    google android Affected: 10.0
        cpe:2.3:o:google:android:10.0:-:*:*:*:*:*:*
    Create a notification for this product.
    google android Affected: 8.1
        cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:google:android:10.0:-:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0022",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-28T13:54:56.691635Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-682",
                    "description": "CWE-682 Incorrect Calculation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-28T14:00:17.318Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:47:40.847Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2020-02-01"
              },
              {
                "name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2020/Feb/10"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Android",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Android-8.0 Android-8.1 Android-9 Android-10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-13T13:06:27.000Z",
            "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
            "shortName": "google_android"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://source.android.com/security/bulletin/2020-02-01"
            },
            {
              "name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Feb/10"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@android.com",
              "ID": "CVE-2020-0022",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/2020-02-01",
                  "refsource": "MISC",
                  "url": "https://source.android.com/security/bulletin/2020-02-01"
                },
                {
                  "name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2020/Feb/10"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "assignerShortName": "google_android",
        "cveId": "CVE-2020-0022",
        "datePublished": "2020-02-13T14:21:41.000Z",
        "dateReserved": "2019-10-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T05:47:40.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-2215 (GCVE-0-2019-2215)

    Vulnerability from nvd – Published: 2019-10-11 18:16 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of privilege
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    n/a Android Affected: Kernel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:42:50.933Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2019-10-01"
              },
              {
                "name": "20191018 CVE 2019-2215 Android Binder Use After Free",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Oct/38"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
              },
              {
                "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Nov/11"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
              },
              {
                "name": "USN-4186-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4186-1/"
              },
              {
                "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
              },
              {
                "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-2215",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T13:04:20.328785Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:29.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-2215 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Android",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Kernel"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-02T19:06:43.000Z",
            "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
            "shortName": "google_android"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/2019-10-01"
            },
            {
              "name": "20191018 CVE 2019-2215 Android Binder Use After Free",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Oct/38"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
            },
            {
              "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Nov/11"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            },
            {
              "name": "USN-4186-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4186-1/"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@android.com",
              "ID": "CVE-2019-2215",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Kernel"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/2019-10-01",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/2019-10-01"
                },
                {
                  "name": "20191018 CVE 2019-2215 Android Binder Use After Free",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Oct/38"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20191031-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
                },
                {
                  "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Nov/11"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
                },
                {
                  "name": "USN-4186-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4186-1/"
                },
                {
                  "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
                },
                {
                  "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "assignerShortName": "google_android",
        "cveId": "CVE-2019-2215",
        "datePublished": "2019-10-11T18:16:48.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:29.242Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9506 (GCVE-0-2019-9506)

    Vulnerability from nvd – Published: 2019-08-14 16:27 – Updated: 2024-09-16 19:14
    VLAI
    Title
    Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
    Summary
    The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
    CWE
    Assigner
    References
    URL Tags
    https://www.kb.cert.org/vuls/id/918987/ third-party-advisoryx_refsource_CERT-VN
    http://www.cs.ox.ac.uk/publications/publication12… x_refsource_MISC
    https://www.usenix.org/conference/usenixsecurity1… x_refsource_MISC
    https://www.bluetooth.com/security/statement-key-… x_refsource_CONFIRM
    http://seclists.org/fulldisclosure/2019/Aug/14 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/11 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/13 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/15 mailing-listx_refsource_FULLDISC
    http://www.huawei.com/en/psirt/security-advisorie… x_refsource_CONFIRM
    https://usn.ubuntu.com/4115-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4118-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4147-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2019:2975 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://access.redhat.com/errata/RHSA-2019:3076 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3055 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3089 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3187 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3217 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3220 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3231 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3218 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3309 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3517 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0204 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Bluetooth BR/EDR Affected: 5.1 , ≤ 5.1 (custom)
    Create a notification for this product.
    Date Public
    2019-08-14 00:00
    Credits
    Daniele Antonioli‚ Nils Ole Tippenhauer, Kasper Rasmussen
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#918987",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/918987/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
              },
              {
                "name": "USN-4115-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4115-1/"
              },
              {
                "name": "USN-4118-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4118-1/"
              },
              {
                "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
              },
              {
                "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
              },
              {
                "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
              },
              {
                "name": "USN-4147-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4147-1/"
              },
              {
                "name": "RHSA-2019:2975",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2975"
              },
              {
                "name": "openSUSE-SU-2019:2307",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
              },
              {
                "name": "openSUSE-SU-2019:2308",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
              },
              {
                "name": "RHSA-2019:3076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3076"
              },
              {
                "name": "RHSA-2019:3055",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3055"
              },
              {
                "name": "RHSA-2019:3089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3089"
              },
              {
                "name": "RHSA-2019:3187",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3187"
              },
              {
                "name": "RHSA-2019:3165",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3165"
              },
              {
                "name": "RHSA-2019:3217",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3217"
              },
              {
                "name": "RHSA-2019:3220",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3220"
              },
              {
                "name": "RHSA-2019:3231",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3231"
              },
              {
                "name": "RHSA-2019:3218",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3218"
              },
              {
                "name": "RHSA-2019:3309",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3309"
              },
              {
                "name": "RHSA-2019:3517",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3517"
              },
              {
                "name": "RHSA-2020:0204",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0204"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "N/A"
              ],
              "product": "BR/EDR",
              "vendor": "Bluetooth",
              "versions": [
                {
                  "lessThanOrEqual": "5.1",
                  "status": "affected",
                  "version": "5.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
            }
          ],
          "datePublic": "2019-08-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "CWE-310 Cryptographic Issues",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-30T10:06:23.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#918987",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/918987/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
            },
            {
              "name": "USN-4115-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4115-1/"
            },
            {
              "name": "USN-4118-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4118-1/"
            },
            {
              "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
            },
            {
              "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
            },
            {
              "name": "USN-4147-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4147-1/"
            },
            {
              "name": "RHSA-2019:2975",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2975"
            },
            {
              "name": "openSUSE-SU-2019:2307",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
            },
            {
              "name": "openSUSE-SU-2019:2308",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
            },
            {
              "name": "RHSA-2019:3076",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3076"
            },
            {
              "name": "RHSA-2019:3055",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3055"
            },
            {
              "name": "RHSA-2019:3089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3089"
            },
            {
              "name": "RHSA-2019:3187",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3187"
            },
            {
              "name": "RHSA-2019:3165",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3165"
            },
            {
              "name": "RHSA-2019:3217",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3217"
            },
            {
              "name": "RHSA-2019:3220",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3220"
            },
            {
              "name": "RHSA-2019:3231",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3231"
            },
            {
              "name": "RHSA-2019:3218",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3218"
            },
            {
              "name": "RHSA-2019:3309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3309"
            },
            {
              "name": "RHSA-2019:3517",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3517"
            },
            {
              "name": "RHSA-2020:0204",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0204"
            }
          ],
          "source": {
            "advisory": "VU#918987",
            "defect": [
              "VU#918987"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation",
          "workarounds": [
            {
              "lang": "en",
              "value": "Bluetooth SIG Expedited Errata Correction 11838"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "KNOB",
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-08-14",
              "ID": "CVE-2019-9506",
              "STATE": "PUBLIC",
              "TITLE": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BR/EDR",
                          "version": {
                            "version_data": [
                              {
                                "platform": "N/A",
                                "version_affected": "\u003c=",
                                "version_name": "5.1",
                                "version_value": "5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bluetooth"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-310 Cryptographic Issues"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#918987",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/918987/"
                },
                {
                  "name": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html",
                  "refsource": "MISC",
                  "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
                },
                {
                  "name": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli",
                  "refsource": "MISC",
                  "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
                },
                {
                  "name": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/",
                  "refsource": "CONFIRM",
                  "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
                },
                {
                  "name": "USN-4115-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4115-1/"
                },
                {
                  "name": "USN-4118-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4118-1/"
                },
                {
                  "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
                },
                {
                  "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
                },
                {
                  "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
                },
                {
                  "name": "USN-4147-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4147-1/"
                },
                {
                  "name": "RHSA-2019:2975",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2975"
                },
                {
                  "name": "openSUSE-SU-2019:2307",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
                },
                {
                  "name": "openSUSE-SU-2019:2308",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
                },
                {
                  "name": "RHSA-2019:3076",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3076"
                },
                {
                  "name": "RHSA-2019:3055",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3055"
                },
                {
                  "name": "RHSA-2019:3089",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3089"
                },
                {
                  "name": "RHSA-2019:3187",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3187"
                },
                {
                  "name": "RHSA-2019:3165",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3165"
                },
                {
                  "name": "RHSA-2019:3217",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3217"
                },
                {
                  "name": "RHSA-2019:3220",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3220"
                },
                {
                  "name": "RHSA-2019:3231",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3231"
                },
                {
                  "name": "RHSA-2019:3218",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3218"
                },
                {
                  "name": "RHSA-2019:3309",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3309"
                },
                {
                  "name": "RHSA-2019:3517",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3517"
                },
                {
                  "name": "RHSA-2020:0204",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0204"
                }
              ]
            },
            "source": {
              "advisory": "VU#918987",
              "defect": [
                "VU#918987"
              ],
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Bluetooth SIG Expedited Errata Correction 11838"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9506",
        "datePublished": "2019-08-14T16:27:45.059Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:14:13.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7956 (GCVE-0-2018-7956)

    Vulnerability from nvd – Published: 2018-12-04 18:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information.
    Severity
    No CVSS data available.
    CWE
    • information leakage
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. Huawei VIP App Affected: versions before 4.0.5
    Create a notification for this product.
    Date Public
    2018-11-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.663Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Huawei VIP App",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 4.0.5"
                }
              ]
            }
          ],
          "datePublic": "2018-11-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information leakage",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T17:57:01.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7956",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Huawei VIP App",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions before 4.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information leakage"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7956",
        "datePublished": "2018-12-04T18:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.663Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0069 (GCVE-0-2020-0069)

    Vulnerability from cvelistv5 – Published: 2020-03-10 19:56 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of privilege
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    n/a Android Affected: Android kernel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:47:40.759Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2020-03-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0069",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T13:03:30.656110Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0069"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:49.217Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0069"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-0069 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Android",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Android kernel"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-27T11:06:04.000Z",
            "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
            "shortName": "google_android"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://source.android.com/security/bulletin/2020-03-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@android.com",
              "ID": "CVE-2020-0069",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Android kernel"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/2020-03-01",
                  "refsource": "MISC",
                  "url": "https://source.android.com/security/bulletin/2020-03-01"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "assignerShortName": "google_android",
        "cveId": "CVE-2020-0069",
        "datePublished": "2020-03-10T19:56:37.000Z",
        "dateReserved": "2019-10-17T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:49.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0022 (GCVE-0-2020-0022)

    Vulnerability from cvelistv5 – Published: 2020-02-13 14:21 – Updated: 2024-08-04 05:47
    VLAI
    Summary
    In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of service
    • CWE-682 - Incorrect Calculation
    Assigner
    Impacted products
    Vendor Product Version
    n/a Android Affected: Android-8.0 Android-8.1 Android-9 Android-10
    google android Affected: 8.0
        cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    google android Affected: 9.0
        cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
    Create a notification for this product.
    google android Affected: 10.0
        cpe:2.3:o:google:android:10.0:-:*:*:*:*:*:*
    Create a notification for this product.
    google android Affected: 8.1
        cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:google:android:10.0:-:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "android",
                "vendor": "google",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0022",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-28T13:54:56.691635Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-682",
                    "description": "CWE-682 Incorrect Calculation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-28T14:00:17.318Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:47:40.847Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2020-02-01"
              },
              {
                "name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2020/Feb/10"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Android",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Android-8.0 Android-8.1 Android-9 Android-10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-13T13:06:27.000Z",
            "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
            "shortName": "google_android"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://source.android.com/security/bulletin/2020-02-01"
            },
            {
              "name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Feb/10"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@android.com",
              "ID": "CVE-2020-0022",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/2020-02-01",
                  "refsource": "MISC",
                  "url": "https://source.android.com/security/bulletin/2020-02-01"
                },
                {
                  "name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2020/Feb/10"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "assignerShortName": "google_android",
        "cveId": "CVE-2020-0022",
        "datePublished": "2020-02-13T14:21:41.000Z",
        "dateReserved": "2019-10-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T05:47:40.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-2215 (GCVE-0-2019-2215)

    Vulnerability from cvelistv5 – Published: 2019-10-11 18:16 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of privilege
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    n/a Android Affected: Kernel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:42:50.933Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2019-10-01"
              },
              {
                "name": "20191018 CVE 2019-2215 Android Binder Use After Free",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Oct/38"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
              },
              {
                "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Nov/11"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
              },
              {
                "name": "USN-4186-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4186-1/"
              },
              {
                "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
              },
              {
                "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-2215",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T13:04:20.328785Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:29.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-2215 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Android",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Kernel"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-02T19:06:43.000Z",
            "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
            "shortName": "google_android"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/2019-10-01"
            },
            {
              "name": "20191018 CVE 2019-2215 Android Binder Use After Free",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Oct/38"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
            },
            {
              "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Nov/11"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            },
            {
              "name": "USN-4186-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4186-1/"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@android.com",
              "ID": "CVE-2019-2215",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Kernel"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/2019-10-01",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/2019-10-01"
                },
                {
                  "name": "20191018 CVE 2019-2215 Android Binder Use After Free",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Oct/38"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20191031-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
                },
                {
                  "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Nov/11"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
                },
                {
                  "name": "USN-4186-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4186-1/"
                },
                {
                  "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
                },
                {
                  "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "assignerShortName": "google_android",
        "cveId": "CVE-2019-2215",
        "datePublished": "2019-10-11T18:16:48.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:29.242Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9506 (GCVE-0-2019-9506)

    Vulnerability from cvelistv5 – Published: 2019-08-14 16:27 – Updated: 2024-09-16 19:14
    VLAI
    Title
    Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
    Summary
    The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
    CWE
    Assigner
    References
    URL Tags
    https://www.kb.cert.org/vuls/id/918987/ third-party-advisoryx_refsource_CERT-VN
    http://www.cs.ox.ac.uk/publications/publication12… x_refsource_MISC
    https://www.usenix.org/conference/usenixsecurity1… x_refsource_MISC
    https://www.bluetooth.com/security/statement-key-… x_refsource_CONFIRM
    http://seclists.org/fulldisclosure/2019/Aug/14 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/11 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/13 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/15 mailing-listx_refsource_FULLDISC
    http://www.huawei.com/en/psirt/security-advisorie… x_refsource_CONFIRM
    https://usn.ubuntu.com/4115-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4118-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4147-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2019:2975 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://access.redhat.com/errata/RHSA-2019:3076 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3055 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3089 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3187 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3217 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3220 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3231 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3218 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3309 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3517 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0204 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Bluetooth BR/EDR Affected: 5.1 , ≤ 5.1 (custom)
    Create a notification for this product.
    Date Public
    2019-08-14 00:00
    Credits
    Daniele Antonioli‚ Nils Ole Tippenhauer, Kasper Rasmussen
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#918987",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/918987/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
              },
              {
                "name": "USN-4115-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4115-1/"
              },
              {
                "name": "USN-4118-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4118-1/"
              },
              {
                "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
              },
              {
                "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
              },
              {
                "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
              },
              {
                "name": "USN-4147-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4147-1/"
              },
              {
                "name": "RHSA-2019:2975",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2975"
              },
              {
                "name": "openSUSE-SU-2019:2307",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
              },
              {
                "name": "openSUSE-SU-2019:2308",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
              },
              {
                "name": "RHSA-2019:3076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3076"
              },
              {
                "name": "RHSA-2019:3055",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3055"
              },
              {
                "name": "RHSA-2019:3089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3089"
              },
              {
                "name": "RHSA-2019:3187",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3187"
              },
              {
                "name": "RHSA-2019:3165",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3165"
              },
              {
                "name": "RHSA-2019:3217",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3217"
              },
              {
                "name": "RHSA-2019:3220",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3220"
              },
              {
                "name": "RHSA-2019:3231",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3231"
              },
              {
                "name": "RHSA-2019:3218",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3218"
              },
              {
                "name": "RHSA-2019:3309",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3309"
              },
              {
                "name": "RHSA-2019:3517",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3517"
              },
              {
                "name": "RHSA-2020:0204",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0204"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "N/A"
              ],
              "product": "BR/EDR",
              "vendor": "Bluetooth",
              "versions": [
                {
                  "lessThanOrEqual": "5.1",
                  "status": "affected",
                  "version": "5.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
            }
          ],
          "datePublic": "2019-08-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "CWE-310 Cryptographic Issues",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-30T10:06:23.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#918987",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/918987/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
            },
            {
              "name": "USN-4115-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4115-1/"
            },
            {
              "name": "USN-4118-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4118-1/"
            },
            {
              "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
            },
            {
              "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
            },
            {
              "name": "USN-4147-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4147-1/"
            },
            {
              "name": "RHSA-2019:2975",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2975"
            },
            {
              "name": "openSUSE-SU-2019:2307",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
            },
            {
              "name": "openSUSE-SU-2019:2308",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
            },
            {
              "name": "RHSA-2019:3076",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3076"
            },
            {
              "name": "RHSA-2019:3055",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3055"
            },
            {
              "name": "RHSA-2019:3089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3089"
            },
            {
              "name": "RHSA-2019:3187",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3187"
            },
            {
              "name": "RHSA-2019:3165",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3165"
            },
            {
              "name": "RHSA-2019:3217",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3217"
            },
            {
              "name": "RHSA-2019:3220",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3220"
            },
            {
              "name": "RHSA-2019:3231",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3231"
            },
            {
              "name": "RHSA-2019:3218",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3218"
            },
            {
              "name": "RHSA-2019:3309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3309"
            },
            {
              "name": "RHSA-2019:3517",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3517"
            },
            {
              "name": "RHSA-2020:0204",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0204"
            }
          ],
          "source": {
            "advisory": "VU#918987",
            "defect": [
              "VU#918987"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation",
          "workarounds": [
            {
              "lang": "en",
              "value": "Bluetooth SIG Expedited Errata Correction 11838"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "KNOB",
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-08-14",
              "ID": "CVE-2019-9506",
              "STATE": "PUBLIC",
              "TITLE": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BR/EDR",
                          "version": {
                            "version_data": [
                              {
                                "platform": "N/A",
                                "version_affected": "\u003c=",
                                "version_name": "5.1",
                                "version_value": "5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bluetooth"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-310 Cryptographic Issues"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#918987",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/918987/"
                },
                {
                  "name": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html",
                  "refsource": "MISC",
                  "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
                },
                {
                  "name": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli",
                  "refsource": "MISC",
                  "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
                },
                {
                  "name": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/",
                  "refsource": "CONFIRM",
                  "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
                },
                {
                  "name": "USN-4115-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4115-1/"
                },
                {
                  "name": "USN-4118-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4118-1/"
                },
                {
                  "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
                },
                {
                  "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
                },
                {
                  "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
                },
                {
                  "name": "USN-4147-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4147-1/"
                },
                {
                  "name": "RHSA-2019:2975",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2975"
                },
                {
                  "name": "openSUSE-SU-2019:2307",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
                },
                {
                  "name": "openSUSE-SU-2019:2308",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
                },
                {
                  "name": "RHSA-2019:3076",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3076"
                },
                {
                  "name": "RHSA-2019:3055",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3055"
                },
                {
                  "name": "RHSA-2019:3089",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3089"
                },
                {
                  "name": "RHSA-2019:3187",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3187"
                },
                {
                  "name": "RHSA-2019:3165",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3165"
                },
                {
                  "name": "RHSA-2019:3217",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3217"
                },
                {
                  "name": "RHSA-2019:3220",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3220"
                },
                {
                  "name": "RHSA-2019:3231",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3231"
                },
                {
                  "name": "RHSA-2019:3218",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3218"
                },
                {
                  "name": "RHSA-2019:3309",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3309"
                },
                {
                  "name": "RHSA-2019:3517",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3517"
                },
                {
                  "name": "RHSA-2020:0204",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0204"
                }
              ]
            },
            "source": {
              "advisory": "VU#918987",
              "defect": [
                "VU#918987"
              ],
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Bluetooth SIG Expedited Errata Correction 11838"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9506",
        "datePublished": "2019-08-14T16:27:45.059Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:14:13.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7956 (GCVE-0-2018-7956)

    Vulnerability from cvelistv5 – Published: 2018-12-04 18:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information.
    Severity
    No CVSS data available.
    CWE
    • information leakage
    Assigner
    References
    Impacted products
    Vendor Product Version
    Huawei Technologies Co., Ltd. Huawei VIP App Affected: versions before 4.0.5
    Create a notification for this product.
    Date Public
    2018-11-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.663Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Huawei VIP App",
              "vendor": "Huawei Technologies Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 4.0.5"
                }
              ]
            }
          ],
          "datePublic": "2018-11-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information leakage",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T17:57:01.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2018-7956",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Huawei VIP App",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions before 4.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Huawei Technologies Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information leakage"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181129-01-huaweivip-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2018-7956",
        "datePublished": "2018-12-04T18:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.663Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }