Search

Find a vulnerability

Search criteria

    38 vulnerabilities by bluetooth

    VAR-201808-1004

    Vulnerability from variot - Updated: 2026-03-09 21:37

    Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Insufficient encryption processing (CWE-325) - CVE-2018-5383 Bluetooth Then, elliptic curve Diffie-Hellman key sharing (ECDH) It defines a device pairing mechanism based on technology. In this method, each pair to be paired prepares a key pair consisting of a private key and a public key. When pairing starts, each other's public key is exchanged, and each private key is generated using the private key of the other party and the public key of the other party. The parameters of the elliptic curve encryption to be used must be agreed in advance. Bluetooth The specification recommends that you verify that the public key you received from the other party is appropriate, but it was not required. "Invalid Curve Attack" Or "Invalid Point Attack" In an attack technique called, it is pointed out that searching for a secret key is much easier if a shared key is generated without confirming that the public key received from the other party is appropriate. It is. Some implementations process without verifying the public key received from the other party, Bluetooth If a public key crafted by a third party that exists within the communication distance of is injected, there is a possibility that the secret key is obtained with a high probability. As a result, there is a possibility that the communication contents will be obtained or altered. Secure Connections Pairing Mode and Simple Secure Paring Both modes are affected. Bluetooth SIG Let's make it necessary to verify the received public key. Bluetooth While updating the specifications of Bluetooth Qualification Program Added a test item in this case. Bluetooth SIG See the announcement. Bluetooth SIG Announcement https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-updateBluetooth Man-in-the-middle attack by third parties within the communication range (man-in-the-middle attack) If this is done, you may be able to obtain the private key used by the device. As a result, communication content between devices may be obtained or falsified. Bluetooth is a wireless technology standard that enables short-range data exchange between fixed and mobile devices and personal area networks in buildings. The following systems are affected: macOS prior to 10.13; macOS High Sierra prior to 11.4; iOS prior to 11.4; Android prior to Patch 2018-06-05. CVE-2018-4249: Kevin Backhouse of Semmle Ltd. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt.

    Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2018-9-17-1 iOS 12

    iOS 12 is now available and addresses the following:

    Accounts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local app may be able to read a persistent account identifier Description: This issue was addressed with improved entitlements. CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

    Bluetooth Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham

    Core Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4330: Apple

    CoreMedia Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An app may be able to learn information about the current camera view before being granted camera access Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2018-4356: an anonymous researcher

    IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4335: Brandon Azad

    iTunes Store Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime

    Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation. CVE-2018-4363: Ian Beer of Google Project Zero

    Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted messages Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)

    Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted notes Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. CVE-2018-4352: an anonymous researcher

    Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)

    Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A user may be unable to delete browsing history items Description: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. CVE-2018-4329: Hugo S. Diaz (coldpointblue)

    Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: A logic issue was addressed with improved state management. CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority

    SafariViewController Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4362: Jun Kokatsu (@shhnjk)

    Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky

    Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2018-4325: Brian Adeloye

    Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend Micro's Zero Day Initiative

    Installation note:

    This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

    iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

    The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

    To check that the iPhone, iPod touch, or iPad has been updated:

    • Navigate to Settings
    • Select General
    • Select About. The version after applying this update will be "iOS 12".

    Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAluf5GIACgkQeC9tht7T K3G2mg//QBqaVSeHLeqL489OJmSvBtudWIDY1GhHJ5Xc8ox3ILDNLVZeBU+DIpqr Fb/slmBKhNM69CPf2fGC/Af2h3ZbUYVoANoyWfH+A/PYzFV726w5WHaq4QZndauO urHsrE/lH8CvDFS6lzp0OdGV5hVIGQ3hoYiF0lYmIdzCDQYwvFp+pn2I3b37Io8K 5/cjRiYp+uq2NAKLm6hx8yq0NtYAQyQTsk6ZAsGlilmydLJDGnaeJE80wk7EBd8f rkdtqzs5B5ohHVYLcoGgMUrE7qyLpqwXjkfIJO8bkk1IqlbMwjmhOJVRPaHWtj5Y 8Ouc2ebMfpFimk9+ODBUYMCsQJgQw8P6pW3gfSpiheIOPc65KzoaAdg+nOfmPwJK LR9CDMJauwYHf1I2RrMzDBflV1HIPurYciHBZKn6IH4f3KNIu5PGNTnHFgln6MxT D11WXuxNfvc2B1hRIRHXD2OB1+rh5Q+tkb+AEauHzIFWgl7otx6EZhiu7W8Mxa22 k6s/Fo1UZI1GbnNjU9ugEumxH8w0WQNQZOOH3FI07aA7F2FVcTVXL4uaIoHzZR0N ZmC/RvsQNGmw8L+DRWedEHda/rieAgMHkJxrjF0Day9PqY50YL7F+7qaw2J6Tmpo r5jDothh/1TQbkE5G8oOaT3Y3iOtDcMqh0T7jRxIP7awQMKce9M= =1Ld6 -----END PGP SIGNATURE-----

    . CVE-2018-5383: Lior Neumann and Eli Biham

    The updates below are available for these Mac models: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013, Mid 2010, and Mid 2012 models with recommended Metal-capable graphics processor, including MSI Gaming Radeon RX 560 and Sapphire Radeon PULSE RX 580)

    App Store Impact: A malicious application may be able to determine the Apple ID of the owner of the computer Description: A permissions issue existed in the handling of the Apple ID. CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc. CVE-2018-4353: Abhinav Bansal of Zscaler, Inc.

    Mail We would like to acknowledge Alessandro Avagliano of Rocket Internet SE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron Software Systems, and Zbyszek A>>A3Akiewski for their assistance.

    Security We would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, and an anonymous researcher for their assistance. ========================================================================= Ubuntu Security Notice USN-4094-1 August 13, 2019

    linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 18.04 LTS
    • Ubuntu 16.04 LTS

    Summary:

    Several security issues were fixed in the Linux kernel.

    Software Description: - linux: Linux kernel - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement (HWE) kernel

    Details:

    It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053)

    Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093)

    Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616, CVE-2018-13096, CVE-2018-13098, CVE-2018-14615)

    Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14609)

    Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617)

    Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862)

    Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169)

    It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. An attacker could use this to expose sensitive information. (CVE-2018-5383)

    It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)

    Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125)

    It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614)

    It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818)

    It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819)

    It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984)

    Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233)

    Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)

    It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024)

    It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101)

    It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)

    It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 18.04 LTS: linux-image-4.15.0-1021-oracle 4.15.0-1021.23 linux-image-4.15.0-1040-gcp 4.15.0-1040.42 linux-image-4.15.0-1040-gke 4.15.0-1040.42 linux-image-4.15.0-1042-kvm 4.15.0-1042.42 linux-image-4.15.0-1043-raspi2 4.15.0-1043.46 linux-image-4.15.0-1050-oem 4.15.0-1050.57 linux-image-4.15.0-1060-snapdragon 4.15.0-1060.66 linux-image-4.15.0-58-generic 4.15.0-58.64 linux-image-4.15.0-58-generic-lpae 4.15.0-58.64 linux-image-4.15.0-58-lowlatency 4.15.0-58.64 linux-image-gcp 4.15.0.1040.42 linux-image-generic 4.15.0.58.60 linux-image-generic-lpae 4.15.0.58.60 linux-image-gke 4.15.0.1040.43 linux-image-gke-4.15 4.15.0.1040.43 linux-image-kvm 4.15.0.1042.42 linux-image-lowlatency 4.15.0.58.60 linux-image-oem 4.15.0.1050.54 linux-image-oracle 4.15.0.1021.24 linux-image-powerpc-e500mc 4.15.0.58.60 linux-image-powerpc-smp 4.15.0.58.60 linux-image-powerpc64-emb 4.15.0.58.60 linux-image-powerpc64-smp 4.15.0.58.60 linux-image-raspi2 4.15.0.1043.41 linux-image-snapdragon 4.15.0.1060.63 linux-image-virtual 4.15.0.58.60

    Ubuntu 16.04 LTS: linux-image-4.15.0-1021-oracle 4.15.0-1021.23~16.04.1 linux-image-4.15.0-1040-gcp 4.15.0-1040.42~16.04.1 linux-image-4.15.0-1055-azure 4.15.0-1055.60 linux-image-4.15.0-58-generic 4.15.0-58.64~16.04.1 linux-image-4.15.0-58-generic-lpae 4.15.0-58.64~16.04.1 linux-image-4.15.0-58-lowlatency 4.15.0-58.64~16.04.1 linux-image-azure 4.15.0.1055.58 linux-image-gcp 4.15.0.1040.54 linux-image-generic-hwe-16.04 4.15.0.58.79 linux-image-generic-lpae-hwe-16.04 4.15.0.58.79 linux-image-gke 4.15.0.1040.54 linux-image-lowlatency-hwe-16.04 4.15.0.58.79 linux-image-oem 4.15.0.58.79 linux-image-oracle 4.15.0.1021.15 linux-image-virtual-hwe-16.04 4.15.0.58.79

    After a standard system update you need to reboot your computer to make all the necessary changes.

    ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

    References: https://usn.ubuntu.com/4094-1 CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617, CVE-2018-16862, CVE-2018-20169, CVE-2018-20511, CVE-2018-20856, CVE-2018-5383, CVE-2019-10126, CVE-2019-1125, CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272, CVE-2019-2024, CVE-2019-2101, CVE-2019-3846

    Package Information: https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42 https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42 https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23 https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66 https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1 https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan

    macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following:

    AMD Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2018-4285: Mohamed Ghannam (@_simo36)

    Bluetooth Available for: MacBook Pro (15-inch, 2018), and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports) Other Mac models were addressed with macOS High Sierra 10.13.5. CVE-2018-4283: @panicaII working with Trend Micro's Zero Day Initiative

    Kernel Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: Systems using IntelA(r) Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel Description: Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value. CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com)

    Additional recognition

    Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance.

    Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance.

    Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance.

    Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance.

    Kernel We would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative for their assistance.

    Security We would like to acknowledge Brad Dahlsten of Iowa State University for their assistance

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "google",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "google",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "google",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "google",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "google",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "google",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "android",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "google",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "wl18xx bluetooth service pack",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ti",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.13"
          },
          {
            "_id": null,
            "model": "iphone os",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "android open source",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "broadcom",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cypress semiconductor",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dell",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "google",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intel",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "qualcomm incorporated",
            "version": null
          },
          {
            "_id": null,
            "model": "",
            "scope": null,
            "trust": 0.8,
            "vendor": "multiple vendors",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#304725"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1882"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005730"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5383"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:misc:multiple_vendors",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005730"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ubuntu,Red Hat",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1882"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2018-5383",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "CVE-2018-5383",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 7.3,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 5.7,
                "exploitability": "PROOF-OF-CONCEPT",
                "exploitabilityScore": 5.5,
                "id": "CVE-2018-5383",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "OFFICIAL FIX",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "NOT DEFINED",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:A/AC:M/Au:N/C:C/I:C/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "JPCERT/CC",
                "availabilityImpact": "None",
                "baseScore": 7.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-005730",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "VHN-135414",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2018-5383",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "cret@cert.org",
                "availabilityImpact": "NONE",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2018-5383",
                "impactScore": 5.8,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Adjacent Network",
                "author": "JPCERT/CC",
                "availabilityImpact": "None",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2018-005730",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-5383",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cret@cert.org",
                "id": "CVE-2018-5383",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-5383",
                "trust": 0.8,
                "value": "HIGH"
              },
              {
                "author": "JPCERT/CC",
                "id": "JVNDB-2018-005730",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201807-1882",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-135414",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-5383",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#304725"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135414"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5383"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1882"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005730"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5383"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5383"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Insufficient encryption processing (CWE-325) - CVE-2018-5383 Bluetooth Then, elliptic curve Diffie-Hellman key sharing (ECDH) It defines a device pairing mechanism based on technology. In this method, each pair to be paired prepares a key pair consisting of a private key and a public key. When pairing starts, each other\u0027s public key is exchanged, and each private key is generated using the private key of the other party and the public key of the other party. The parameters of the elliptic curve encryption to be used must be agreed in advance. Bluetooth The specification recommends that you verify that the public key you received from the other party is appropriate, but it was not required. \"Invalid Curve Attack\" Or \"Invalid Point Attack\" In an attack technique called, it is pointed out that searching for a secret key is much easier if a shared key is generated without confirming that the public key received from the other party is appropriate. It is. Some implementations process without verifying the public key received from the other party, Bluetooth If a public key crafted by a third party that exists within the communication distance of is injected, there is a possibility that the secret key is obtained with a high probability. As a result, there is a possibility that the communication contents will be obtained or altered. Secure Connections Pairing Mode and Simple Secure Paring Both modes are affected. Bluetooth SIG Let\u0027s make it necessary to verify the received public key. Bluetooth While updating the specifications of Bluetooth Qualification Program Added a test item in this case. Bluetooth SIG See the announcement. Bluetooth SIG Announcement https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-updateBluetooth Man-in-the-middle attack by third parties within the communication range (man-in-the-middle attack) If this is done, you may be able to obtain the private key used by the device. As a result, communication content between devices may be obtained or falsified. Bluetooth is a wireless technology standard that enables short-range data exchange between fixed and mobile devices and personal area networks in buildings. The following systems are affected: macOS prior to 10.13; macOS High Sierra prior to 11.4; iOS prior to 11.4; Android prior to Patch 2018-06-05. \nCVE-2018-4249: Kevin Backhouse of Semmle Ltd. \nCVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-9-17-1 iOS 12\n\niOS 12 is now available and addresses the following:\n\nAccounts\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local app may be able to read a persistent account\nidentifier\nDescription: This issue was addressed with improved entitlements. \nCVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. \n\nBluetooth\nAvailable for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7,\niPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation,\n12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro,\n9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: An input validation issue existed in Bluetooth. This\nissue was addressed with improved input validation. \nCVE-2018-5383: Lior Neumann and Eli Biham\n\nCore Bluetooth\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4330: Apple\n\nCoreMedia\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An app may be able to learn information about the current\ncamera view before being granted camera access\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2018-4356: an anonymous researcher\n\nIOMobileFrameBuffer\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4335: Brandon Azad\n\niTunes Store\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker in a privileged network position may be able to\nspoof password prompts in the iTunes Store\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2018-4305: Jerry Decime\n\nKernel\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to read restricted memory\nDescription: An input validation issue existed in the kernel. This\nissue was addressed with improved input validation. \nCVE-2018-4363: Ian Beer of Google Project Zero\n\nMessages\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to discover a user\u0027s deleted\nmessages\nDescription: A consistency issue existed in the handling of\napplication snapshots. The issue was addressed with improved handling\nof message deletions. \nCVE-2018-4313: 11 anonymous researchers, David Scott,\nEnes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -\nAnkara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l\nUniversity, Metin Altug Karakaya of Kaliptus Medical Organization,\nVinodh Swami of Western Governor\u0027s University (WGU)\n\nNotes\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to discover a user\u0027s deleted notes\nDescription: A consistency issue existed in the handling of\napplication snapshots. The issue was addressed with improved handling\nof notes deletions. \nCVE-2018-4352: an anonymous researcher\n\nSafari\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A local user may be able to discover websites a user has\nvisited\nDescription: A consistency issue existed in the handling of\napplication snapshots. The issue was addressed with improved handling\nof application snapshots. \nCVE-2018-4313: 11 anonymous researchers, David Scott,\nEnes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi -\nAnkara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l\nUniversity, Metin Altug Karakaya of Kaliptus Medical Organization,\nVinodh Swami of Western Governor\u0027s University (WGU)\n\nSafari\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A user may be unable to delete browsing history items\nDescription: Clearing a history item may not clear visits with\nredirect chains. The issue was addressed with improved data deletion. \nCVE-2018-4329: Hugo S. Diaz (coldpointblue)\n\nSafari\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A malicious website may be able to exfiltrate autofilled data\nin Safari\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority\n\nSafariViewController\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2018-4362: Jun Kokatsu (@shhnjk)\n\nSecurity\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An attacker may be able to exploit weaknesses in the RC4\ncryptographic algorithm\nDescription: This issue was addressed by removing RC4. \nCVE-2016-1777: Pepi Zawodsky\n\nStatus Bar\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\ndetermine the last used app from the lock screen\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2018-4325: Brian Adeloye\n\nWi-Fi\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend\nMicro\u0027s Zero Day Initiative\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 12\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAluf5GIACgkQeC9tht7T\nK3G2mg//QBqaVSeHLeqL489OJmSvBtudWIDY1GhHJ5Xc8ox3ILDNLVZeBU+DIpqr\nFb/slmBKhNM69CPf2fGC/Af2h3ZbUYVoANoyWfH+A/PYzFV726w5WHaq4QZndauO\nurHsrE/lH8CvDFS6lzp0OdGV5hVIGQ3hoYiF0lYmIdzCDQYwvFp+pn2I3b37Io8K\n5/cjRiYp+uq2NAKLm6hx8yq0NtYAQyQTsk6ZAsGlilmydLJDGnaeJE80wk7EBd8f\nrkdtqzs5B5ohHVYLcoGgMUrE7qyLpqwXjkfIJO8bkk1IqlbMwjmhOJVRPaHWtj5Y\n8Ouc2ebMfpFimk9+ODBUYMCsQJgQw8P6pW3gfSpiheIOPc65KzoaAdg+nOfmPwJK\nLR9CDMJauwYHf1I2RrMzDBflV1HIPurYciHBZKn6IH4f3KNIu5PGNTnHFgln6MxT\nD11WXuxNfvc2B1hRIRHXD2OB1+rh5Q+tkb+AEauHzIFWgl7otx6EZhiu7W8Mxa22\nk6s/Fo1UZI1GbnNjU9ugEumxH8w0WQNQZOOH3FI07aA7F2FVcTVXL4uaIoHzZR0N\nZmC/RvsQNGmw8L+DRWedEHda/rieAgMHkJxrjF0Day9PqY50YL7F+7qaw2J6Tmpo\nr5jDothh/1TQbkE5G8oOaT3Y3iOtDcMqh0T7jRxIP7awQMKce9M=\n=1Ld6\n-----END PGP SIGNATURE-----\n\n\n\n. \nCVE-2018-5383: Lior Neumann and Eli Biham\n\nThe updates below are available for these Mac models:\nMacBook (Early 2015 and later), MacBook Air (Mid 2012 and later),\nMacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later),\niMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013, Mid 2010, and Mid 2012 models with recommended\nMetal-capable graphics processor, including MSI Gaming Radeon RX 560\nand Sapphire Radeon PULSE RX 580)\n\nApp Store\nImpact: A malicious application may be able to determine the Apple ID\nof the owner of the computer\nDescription: A permissions issue existed in the handling of the Apple\nID. \nCVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc. \nCVE-2018-4353: Abhinav Bansal of Zscaler, Inc. \n\nMail\nWe would like to acknowledge Alessandro Avagliano of Rocket Internet\nSE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron\nSoftware Systems, and Zbyszek A\u003e\u003eA3Akiewski for their assistance. \n\nSecurity\nWe would like to acknowledge Christoph Sinai, Daniel Dudek\n(@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak)\nof ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of\nShapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson\nDing, and an anonymous researcher for their assistance. =========================================================================\nUbuntu Security Notice USN-4094-1\nAugust 13, 2019\n\nlinux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm,\nlinux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux: Linux kernel\n- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems\n- linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems\n- linux-kvm: Linux kernel for cloud environments\n- linux-oem: Linux kernel for OEM processors\n- linux-oracle: Linux kernel for Oracle Cloud systems\n- linux-raspi2: Linux kernel for Raspberry Pi 2\n- linux-snapdragon: Linux kernel for Snapdragon processors\n- linux-azure: Linux kernel for Microsoft Azure Cloud systems\n- linux-hwe: Linux hardware enablement (HWE) kernel\n\nDetails:\n\nIt was discovered that the alarmtimer implementation in the Linux kernel\ncontained an integer overflow vulnerability. A local attacker could use\nthis to cause a denial of service. (CVE-2018-13053)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly track inode validations. An attacker could use this\nto construct a malicious XFS image that, when mounted, could cause a denial\nof service (system crash). (CVE-2018-13093)\n\nWen Xu discovered that the f2fs file system implementation in the\nLinux kernel did not properly validate metadata. An attacker could\nuse this to construct a malicious f2fs image that, when mounted,\ncould cause a denial of service (system crash). (CVE-2018-13097,\nCVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616,\nCVE-2018-13096, CVE-2018-13098, CVE-2018-14615)\n\nWen Xu and Po-Ning Tseng discovered that btrfs file system\nimplementation in the Linux kernel did not properly validate\nmetadata. An attacker could use this to construct a malicious\nbtrfs image that, when mounted, could cause a denial of service\n(system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612,\nCVE-2018-14613, CVE-2018-14609)\n\nWen Xu discovered that the HFS+ filesystem implementation in the Linux\nkernel did not properly handle malformed catalog data in some situations. \nAn attacker could use this to construct a malicious HFS+ image that, when\nmounted, could cause a denial of service (system crash). (CVE-2018-14617)\n\nVasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem\nof the Linux kernel did not properly initialize new files in some\nsituations. A local attacker could use this to expose sensitive\ninformation. (CVE-2018-16862)\n\nHui Peng and Mathias Payer discovered that the USB subsystem in the Linux\nkernel did not properly handle size checks when handling an extra USB\ndescriptor. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2018-20169)\n\nIt was discovered that a use-after-free error existed in the block layer\nsubsystem of the Linux kernel when certain failure conditions occurred. A\nlocal attacker could possibly use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. An attacker could use this\nto expose sensitive information. (CVE-2018-5383)\n\nIt was discovered that a heap buffer overflow existed in the Marvell\nWireless LAN device driver for the Linux kernel. An attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-10126)\n\nAndrei Vlad Lutas and Dan Lutas discovered that some x86 processors\nincorrectly handle SWAPGS instructions during speculative execution. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2019-1125)\n\nIt was discovered that the PowerPC dlpar implementation in the Linux kernel\ndid not properly check for allocation errors in some situations. A local\nattacker could possibly use this to cause a denial of service (system\ncrash). (CVE-2019-12614)\n\nIt was discovered that a NULL pointer dereference vulnerabilty existed in\nthe Near-field communication (NFC) implementation in the Linux kernel. An\nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-12818)\n\nIt was discovered that the MDIO bus devices subsystem in the Linux kernel\nimproperly dropped a device reference in an error condition, leading to a\nuse-after-free. An attacker could use this to cause a denial of service\n(system crash). (CVE-2019-12819)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in\nthe Near-field communication (NFC) implementation in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2019-12984)\n\nJann Horn discovered a use-after-free vulnerability in the Linux kernel\nwhen accessing LDT entries in some situations. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2019-13233)\n\nJann Horn discovered that the ptrace implementation in the Linux kernel did\nnot properly record credentials in some situations. A local attacker could\nuse this to cause a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2019-13272)\n\nIt was discovered that the Empia EM28xx DVB USB device driver\nimplementation in the Linux kernel contained a use-after-free vulnerability\nwhen disconnecting the device. An attacker could use this to cause a denial\nof service (system crash). (CVE-2019-2024)\n\nIt was discovered that the USB video device class implementation in the\nLinux kernel did not properly validate control bits, resulting in an out of\nbounds buffer read. A local attacker could use this to possibly expose\nsensitive information (kernel memory). (CVE-2019-2101)\n\nIt was discovered that the Marvell Wireless LAN device driver in the Linux\nkernel did not properly validate the BSS descriptor. A local attacker could\npossibly use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2019-3846)\n\nIt was discovered that the Appletalk IP encapsulation driver in the Linux\nkernel did not properly prevent kernel addresses from being copied to user\nspace. A local attacker with the CAP_NET_ADMIN capability could use this to\nexpose sensitive information. (CVE-2018-20511)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n  linux-image-4.15.0-1021-oracle  4.15.0-1021.23\n  linux-image-4.15.0-1040-gcp     4.15.0-1040.42\n  linux-image-4.15.0-1040-gke     4.15.0-1040.42\n  linux-image-4.15.0-1042-kvm     4.15.0-1042.42\n  linux-image-4.15.0-1043-raspi2  4.15.0-1043.46\n  linux-image-4.15.0-1050-oem     4.15.0-1050.57\n  linux-image-4.15.0-1060-snapdragon  4.15.0-1060.66\n  linux-image-4.15.0-58-generic   4.15.0-58.64\n  linux-image-4.15.0-58-generic-lpae  4.15.0-58.64\n  linux-image-4.15.0-58-lowlatency  4.15.0-58.64\n  linux-image-gcp                 4.15.0.1040.42\n  linux-image-generic             4.15.0.58.60\n  linux-image-generic-lpae        4.15.0.58.60\n  linux-image-gke                 4.15.0.1040.43\n  linux-image-gke-4.15            4.15.0.1040.43\n  linux-image-kvm                 4.15.0.1042.42\n  linux-image-lowlatency          4.15.0.58.60\n  linux-image-oem                 4.15.0.1050.54\n  linux-image-oracle              4.15.0.1021.24\n  linux-image-powerpc-e500mc      4.15.0.58.60\n  linux-image-powerpc-smp         4.15.0.58.60\n  linux-image-powerpc64-emb       4.15.0.58.60\n  linux-image-powerpc64-smp       4.15.0.58.60\n  linux-image-raspi2              4.15.0.1043.41\n  linux-image-snapdragon          4.15.0.1060.63\n  linux-image-virtual             4.15.0.58.60\n\nUbuntu 16.04 LTS:\n  linux-image-4.15.0-1021-oracle  4.15.0-1021.23~16.04.1\n  linux-image-4.15.0-1040-gcp     4.15.0-1040.42~16.04.1\n  linux-image-4.15.0-1055-azure   4.15.0-1055.60\n  linux-image-4.15.0-58-generic   4.15.0-58.64~16.04.1\n  linux-image-4.15.0-58-generic-lpae  4.15.0-58.64~16.04.1\n  linux-image-4.15.0-58-lowlatency  4.15.0-58.64~16.04.1\n  linux-image-azure               4.15.0.1055.58\n  linux-image-gcp                 4.15.0.1040.54\n  linux-image-generic-hwe-16.04   4.15.0.58.79\n  linux-image-generic-lpae-hwe-16.04  4.15.0.58.79\n  linux-image-gke                 4.15.0.1040.54\n  linux-image-lowlatency-hwe-16.04  4.15.0.58.79\n  linux-image-oem                 4.15.0.58.79\n  linux-image-oracle              4.15.0.1021.15\n  linux-image-virtual-hwe-16.04   4.15.0.58.79\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n  https://usn.ubuntu.com/4094-1\n  CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097,\n  CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609,\n  CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613,\n  CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617,\n  CVE-2018-16862, CVE-2018-20169, CVE-2018-20511, CVE-2018-20856,\n  CVE-2018-5383, CVE-2019-10126, CVE-2019-1125, CVE-2019-12614,\n  CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13233,\n  CVE-2019-13272, CVE-2019-2024, CVE-2019-2101, CVE-2019-3846\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64\n  https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42\n  https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42\n  https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42\n  https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57\n  https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23\n  https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46\n  https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66\n  https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60\n  https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1\n  https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1\n  https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4\nmacOS High Sierra 10.13.6, Security Update 2018-004 Sierra,\nSecurity Update 2018-004 El Capitan\n\nmacOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and\nSecurity Update 2018-004 El Capitan address the following:\n\nAMD\nAvailable for: macOS High Sierra 10.13.5\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2018-4285: Mohamed Ghannam (@_simo36)\n\nBluetooth\nAvailable for: MacBook Pro (15-inch, 2018), and MacBook Pro\n(13-inch, 2018, Four Thunderbolt 3 Ports)\nOther Mac models were addressed with macOS High Sierra 10.13.5. \nCVE-2018-4283: @panicaII working with Trend Micro\u0027s Zero Day\nInitiative\n\nKernel\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS\nHigh Sierra 10.13.5\nImpact: Systems using IntelA(r) Core-based microprocessors may\npotentially allow a local process to infer data utilizing Lazy FP\nstate restore from another process through a speculative execution\nside channel\nDescription: Lazy FP state restore instead of eager save and restore\nof the state upon a context switch. Lazy restored states are\npotentially vulnerable to exploits where one process may infer\nregister values of other processes through a speculative execution\nside channel that infers their value. \nCVE-2018-4277: xisigr of Tencent\u0027s Xuanwu Lab (tencent.com)\n\nAdditional recognition\n\nHelp Viewer\nWe would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing\nfor their assistance. \n\nHelp Viewer\nWe would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing\nfor their assistance. \n\nHelp Viewer\nWe would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing\nfor their assistance. \n\nHelp Viewer\nWe would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing\nfor their assistance. \n\nKernel\nWe would like to acknowledge juwei lin (@panicaII) of Trend Micro\nworking with Trend Micro\u0027s Zero Day Initiative for their\nassistance. \n\nSecurity\nWe would like to acknowledge Brad Dahlsten of Iowa State University\nfor their assistance",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5383"
          },
          {
            "db": "CERT/CC",
            "id": "VU#304725"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005730"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135414"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5383"
          },
          {
            "db": "PACKETSTORM",
            "id": "157598"
          },
          {
            "db": "PACKETSTORM",
            "id": "148645"
          },
          {
            "db": "PACKETSTORM",
            "id": "149400"
          },
          {
            "db": "PACKETSTORM",
            "id": "149410"
          },
          {
            "db": "PACKETSTORM",
            "id": "149510"
          },
          {
            "db": "PACKETSTORM",
            "id": "154043"
          },
          {
            "db": "PACKETSTORM",
            "id": "148641"
          }
        ],
        "trust": 3.15
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.kb.cert.org/vuls/id/304725",
            "trust": 0.8,
            "type": "poc"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#304725"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#304725",
            "trust": 3.4
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5383",
            "trust": 3.3
          },
          {
            "db": "SECTRACK",
            "id": "1041432",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "104879",
            "trust": 1.8
          },
          {
            "db": "PACKETSTORM",
            "id": "157598",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU92767028",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005730",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "153946",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1882",
            "trust": 0.7
          },
          {
            "db": "LENOVO",
            "id": "LEN-22233",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1612",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.1111",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2932",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.0501.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.0559",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "154044",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154049",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-135414",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5383",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "148645",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "149400",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "149410",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "149510",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154043",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "148641",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#304725"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135414"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5383"
          },
          {
            "db": "PACKETSTORM",
            "id": "157598"
          },
          {
            "db": "PACKETSTORM",
            "id": "148645"
          },
          {
            "db": "PACKETSTORM",
            "id": "149400"
          },
          {
            "db": "PACKETSTORM",
            "id": "149410"
          },
          {
            "db": "PACKETSTORM",
            "id": "149510"
          },
          {
            "db": "PACKETSTORM",
            "id": "154043"
          },
          {
            "db": "PACKETSTORM",
            "id": "148641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1882"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005730"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5383"
          }
        ]
      },
      "id": "VAR-201808-1004",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135414"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-03-09T21:37:45.715000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Bluetooth Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82629"
          },
          {
            "title": "Red Hat: Important: linux-firmware security, bug fix, and enhancement update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192169 - Security Advisory"
          },
          {
            "title": "Ubuntu Security Notice: linux-firmware vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4351-1"
          },
          {
            "title": "Red Hat: CVE-2018-5383",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-5383"
          },
          {
            "title": "HP: HPSBHF03585 rev. 1 - Bluetooth Pairing Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBHF03585"
          },
          {
            "title": "Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4095-2"
          },
          {
            "title": "Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4095-1"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014August 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=746dc14fcd3f5e139648cfdc9d9039a9"
          },
          {
            "title": "Apple: watchOS 4.3.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0f4c2f01c97a0857022a69b5486be838"
          },
          {
            "title": "Apple: tvOS 11.4",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=d2d0b1ec71830547fb971d63ee3beadb"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014June 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=cc496c56e2bf669809bfb568f59af8e1"
          },
          {
            "title": "Apple: macOS Mojave 10.14",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b8d65830dc3366732d9f4a144cde5cf4"
          },
          {
            "title": "Apple: tvOS 12",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=cffdc08d95a71866e104f27dafdf5818"
          },
          {
            "title": "Apple: macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f93fc5c87ddc6e336e7b02ff3308dfe6"
          },
          {
            "title": "Apple: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=6271728c896ad06d4d117e77589eea2f"
          },
          {
            "title": "Apple: iOS 11.4",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0f3db097f895347566033494c2dda90b"
          },
          {
            "title": "Ubuntu Security Notice: linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4094-1"
          },
          {
            "title": "Apple: iOS 12",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9859610dae22b7395b3a00be201bcefb"
          },
          {
            "title": "Ubuntu Security Notice: linux-aws vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4118-1"
          },
          {
            "title": "broadcom-bt-firmware",
            "trust": 0.1,
            "url": "https://github.com/winterheart/broadcom-bt-firmware "
          },
          {
            "title": "awesome-bluetooth-security",
            "trust": 0.1,
            "url": "https://github.com/engn33r/awesome-bluetooth-security "
          },
          {
            "title": "SamsungReleaseNotes",
            "trust": 0.1,
            "url": "https://github.com/samreleasenotes/SamsungReleaseNotes "
          },
          {
            "title": "welivesecurity",
            "trust": 0.1,
            "url": "https://www.welivesecurity.com/2018/07/24/bluetooth-bug-expose-devices/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2018/07/24/bluetooth_cryptography_bug/"
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/many-bluetooth-implementations-and-os-drivers-affected-by-crypto-bug/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5383"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1882"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-347",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-325",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-310",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135414"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5383"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.4,
            "url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
          },
          {
            "trust": 2.7,
            "url": "https://www.kb.cert.org/vuls/id/304725"
          },
          {
            "trust": 2.6,
            "url": "http://www.cs.technion.ac.il/~biham/bt/"
          },
          {
            "trust": 2.5,
            "url": "https://access.redhat.com/errata/rhsa-2019:2169"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/104879"
          },
          {
            "trust": 2.4,
            "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
          },
          {
            "trust": 2.4,
            "url": "https://usn.ubuntu.com/4095-1/"
          },
          {
            "trust": 2.4,
            "url": "https://usn.ubuntu.com/4095-2/"
          },
          {
            "trust": 1.8,
            "url": "http://www.securitytracker.com/id/1041432"
          },
          {
            "trust": 1.8,
            "url": "https://usn.ubuntu.com/4094-1/"
          },
          {
            "trust": 1.8,
            "url": "https://usn.ubuntu.com/4118-1/"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5383"
          },
          {
            "trust": 1.3,
            "url": "https://usn.ubuntu.com/4351-1/"
          },
          {
            "trust": 0.8,
            "url": "http://www.cs.technion.ac.il/~biham/bt"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/325.html"
          },
          {
            "trust": 0.8,
            "url": "https://source.android.com/security/bulletin/2018-06-01"
          },
          {
            "trust": 0.8,
            "url": "https://support.apple.com/en-us/ht208848"
          },
          {
            "trust": 0.8,
            "url": "https://source.android.com/security/bulletin/pixel/2018-06-01"
          },
          {
            "trust": 0.8,
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5383"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu92767028/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190466-1/"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190422-1/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2932/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/75986"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/bluetooth-firmware-information-disclosure-via-weak-elliptic-curve-parameters-28536"
          },
          {
            "trust": 0.6,
            "url": "https://support.lenovo.com/us/en/product_security/len-22233"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/157598/ubuntu-security-notice-usn-4351-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/75750"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/78314"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/153946/red-hat-security-advisory-2019-2169-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1612/"
          },
          {
            "trust": 0.5,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.5,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1777"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4363"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4305"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4313"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/347.html"
          },
          {
            "trust": 0.1,
            "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=58464"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4351-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-firmware/1.157.23"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-firmware/1.173.18"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4225"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4233"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht204641"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4249"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4235"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4246"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4243"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4214"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4224"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4198"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4192"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4201"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4240"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4237"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4223"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4206"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4226"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4211"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4241"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4218"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4307"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4329"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/itunes/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4322"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4335"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4356"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4338"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4325"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4352"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4362"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4333"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4336"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4324"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4321"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4353"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4344"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1125"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16862"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2024"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14610"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20856"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12818"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2101"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13233"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13098"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14609"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12819"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13093"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20169"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14614"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3846"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12614"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13272"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13053"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10126"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4094-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13099"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20511"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13100"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13096"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14613"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12984"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14617"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3665"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4248"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4269"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4178"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4285"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4289"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4268"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4277"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4283"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4280"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#304725"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135414"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5383"
          },
          {
            "db": "PACKETSTORM",
            "id": "157598"
          },
          {
            "db": "PACKETSTORM",
            "id": "148645"
          },
          {
            "db": "PACKETSTORM",
            "id": "149400"
          },
          {
            "db": "PACKETSTORM",
            "id": "149410"
          },
          {
            "db": "PACKETSTORM",
            "id": "149510"
          },
          {
            "db": "PACKETSTORM",
            "id": "154043"
          },
          {
            "db": "PACKETSTORM",
            "id": "148641"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1882"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005730"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5383"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#304725",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-135414",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5383",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "157598",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "148645",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "149400",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "149410",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "149510",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "154043",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "148641",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1882",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005730",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5383",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-07-23T00:00:00",
            "db": "CERT/CC",
            "id": "VU#304725",
            "ident": null
          },
          {
            "date": "2018-08-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135414",
            "ident": null
          },
          {
            "date": "2018-08-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5383",
            "ident": null
          },
          {
            "date": "2020-05-07T15:27:24",
            "db": "PACKETSTORM",
            "id": "157598",
            "ident": null
          },
          {
            "date": "2018-07-23T15:22:22",
            "db": "PACKETSTORM",
            "id": "148645",
            "ident": null
          },
          {
            "date": "2018-09-17T22:22:22",
            "db": "PACKETSTORM",
            "id": "149400",
            "ident": null
          },
          {
            "date": "2018-09-18T02:23:50",
            "db": "PACKETSTORM",
            "id": "149410",
            "ident": null
          },
          {
            "date": "2018-09-25T16:20:37",
            "db": "PACKETSTORM",
            "id": "149510",
            "ident": null
          },
          {
            "date": "2019-08-13T17:45:00",
            "db": "PACKETSTORM",
            "id": "154043",
            "ident": null
          },
          {
            "date": "2018-07-23T13:01:11",
            "db": "PACKETSTORM",
            "id": "148641",
            "ident": null
          },
          {
            "date": "2018-07-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-1882",
            "ident": null
          },
          {
            "date": "2018-07-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-005730",
            "ident": null
          },
          {
            "date": "2018-08-07T21:29:00.287000",
            "db": "NVD",
            "id": "CVE-2018-5383",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-08-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#304725",
            "ident": null
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135414",
            "ident": null
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5383",
            "ident": null
          },
          {
            "date": "2020-05-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-1882",
            "ident": null
          },
          {
            "date": "2019-07-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-005730",
            "ident": null
          },
          {
            "date": "2026-03-05T18:54:32.250000",
            "db": "NVD",
            "id": "CVE-2018-5383",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1882"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#304725"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "data forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1882"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202105-0146

    Vulnerability from variot - Updated: 2026-03-05 21:09

    Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing.CVE- 2020-26556 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26555 Affected Vendor Statement: Android has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin. CVE-2020-26557 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26558 Affected Vendor Statement: Android has reviewed this report and assessed this vulnerability as having impact on Android OS. We will be issuing a patch for this vulnerability in an upcoming Android security bulletin. CVE-2020-26559 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26560 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. VU#799380.5 Affected Vendor Statement: Our assessment of this report is that it is of negligible security impact on Android.CVE- 2020-26556 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26555 Affected Vendor Statement: Android has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin. CVE-2020-26557 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26558 Affected Vendor Statement: Android has reviewed this report and assessed this vulnerability as having impact on Android OS. We will be issuing a patch for this vulnerability in an upcoming Android security bulletin. CVE-2020-26559 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26560 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. VU#799380.5 Affected Vendor Statement: Our assessment of this report is that it is of negligible security impact on Android. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-16


                                           https://security.gentoo.org/
    

    Severity: High Title: BlueZ: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #797712, #835077 ID: 202209-16


    Synopsis

    Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution.

    Background

    BlueZ is the canonical bluetooth tools and system daemons package for Linux.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 net-wireless/bluez < 5.63 >= 5.63

    Description

    Multiple vulnerabilities have been discovered in BlueZ. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All BlueZ users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.63"

    References

    [ 1 ] CVE-2020-26558 https://nvd.nist.gov/vuln/detail/CVE-2020-26558 [ 2 ] CVE-2021-0129 https://nvd.nist.gov/vuln/detail/CVE-2021-0129 [ 3 ] CVE-2021-3588 https://nvd.nist.gov/vuln/detail/CVE-2021-3588 [ 4 ] CVE-2022-0204 https://nvd.nist.gov/vuln/detail/CVE-2022-0204

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202209-16

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: bluez security update Advisory ID: RHSA-2021:4432-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4432 Issue date: 2021-11-09 CVE Names: CVE-2020-26558 ==================================================================== 1. Summary:

    An update for bluez is now available for Red Hat Enterprise Linux 8.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

    1. Description:

    The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files.

    Security Fix(es):

    • bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack (CVE-2020-26558)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Package List:

    Red Hat Enterprise Linux AppStream (v. 8):

    aarch64: bluez-cups-5.56-1.el8.aarch64.rpm bluez-cups-debuginfo-5.56-1.el8.aarch64.rpm bluez-debuginfo-5.56-1.el8.aarch64.rpm bluez-debugsource-5.56-1.el8.aarch64.rpm bluez-hid2hci-debuginfo-5.56-1.el8.aarch64.rpm bluez-libs-debuginfo-5.56-1.el8.aarch64.rpm bluez-obexd-debuginfo-5.56-1.el8.aarch64.rpm

    ppc64le: bluez-cups-5.56-1.el8.ppc64le.rpm bluez-cups-debuginfo-5.56-1.el8.ppc64le.rpm bluez-debuginfo-5.56-1.el8.ppc64le.rpm bluez-debugsource-5.56-1.el8.ppc64le.rpm bluez-hid2hci-debuginfo-5.56-1.el8.ppc64le.rpm bluez-libs-debuginfo-5.56-1.el8.ppc64le.rpm bluez-obexd-debuginfo-5.56-1.el8.ppc64le.rpm

    s390x: bluez-cups-5.56-1.el8.s390x.rpm bluez-cups-debuginfo-5.56-1.el8.s390x.rpm bluez-debuginfo-5.56-1.el8.s390x.rpm bluez-debugsource-5.56-1.el8.s390x.rpm bluez-hid2hci-debuginfo-5.56-1.el8.s390x.rpm bluez-libs-debuginfo-5.56-1.el8.s390x.rpm bluez-obexd-debuginfo-5.56-1.el8.s390x.rpm

    x86_64: bluez-cups-5.56-1.el8.x86_64.rpm bluez-cups-debuginfo-5.56-1.el8.x86_64.rpm bluez-debuginfo-5.56-1.el8.x86_64.rpm bluez-debugsource-5.56-1.el8.x86_64.rpm bluez-hid2hci-debuginfo-5.56-1.el8.x86_64.rpm bluez-libs-debuginfo-5.56-1.el8.x86_64.rpm bluez-obexd-debuginfo-5.56-1.el8.x86_64.rpm

    Red Hat Enterprise Linux BaseOS (v. 8):

    Source: bluez-5.56-1.el8.src.rpm

    aarch64: bluez-5.56-1.el8.aarch64.rpm bluez-cups-debuginfo-5.56-1.el8.aarch64.rpm bluez-debuginfo-5.56-1.el8.aarch64.rpm bluez-debugsource-5.56-1.el8.aarch64.rpm bluez-hid2hci-5.56-1.el8.aarch64.rpm bluez-hid2hci-debuginfo-5.56-1.el8.aarch64.rpm bluez-libs-5.56-1.el8.aarch64.rpm bluez-libs-debuginfo-5.56-1.el8.aarch64.rpm bluez-obexd-5.56-1.el8.aarch64.rpm bluez-obexd-debuginfo-5.56-1.el8.aarch64.rpm

    ppc64le: bluez-5.56-1.el8.ppc64le.rpm bluez-cups-debuginfo-5.56-1.el8.ppc64le.rpm bluez-debuginfo-5.56-1.el8.ppc64le.rpm bluez-debugsource-5.56-1.el8.ppc64le.rpm bluez-hid2hci-5.56-1.el8.ppc64le.rpm bluez-hid2hci-debuginfo-5.56-1.el8.ppc64le.rpm bluez-libs-5.56-1.el8.ppc64le.rpm bluez-libs-debuginfo-5.56-1.el8.ppc64le.rpm bluez-obexd-5.56-1.el8.ppc64le.rpm bluez-obexd-debuginfo-5.56-1.el8.ppc64le.rpm

    s390x: bluez-5.56-1.el8.s390x.rpm bluez-cups-debuginfo-5.56-1.el8.s390x.rpm bluez-debuginfo-5.56-1.el8.s390x.rpm bluez-debugsource-5.56-1.el8.s390x.rpm bluez-hid2hci-5.56-1.el8.s390x.rpm bluez-hid2hci-debuginfo-5.56-1.el8.s390x.rpm bluez-libs-5.56-1.el8.s390x.rpm bluez-libs-debuginfo-5.56-1.el8.s390x.rpm bluez-obexd-5.56-1.el8.s390x.rpm bluez-obexd-debuginfo-5.56-1.el8.s390x.rpm

    x86_64: bluez-5.56-1.el8.x86_64.rpm bluez-cups-debuginfo-5.56-1.el8.i686.rpm bluez-cups-debuginfo-5.56-1.el8.x86_64.rpm bluez-debuginfo-5.56-1.el8.i686.rpm bluez-debuginfo-5.56-1.el8.x86_64.rpm bluez-debugsource-5.56-1.el8.i686.rpm bluez-debugsource-5.56-1.el8.x86_64.rpm bluez-hid2hci-5.56-1.el8.x86_64.rpm bluez-hid2hci-debuginfo-5.56-1.el8.i686.rpm bluez-hid2hci-debuginfo-5.56-1.el8.x86_64.rpm bluez-libs-5.56-1.el8.i686.rpm bluez-libs-5.56-1.el8.x86_64.rpm bluez-libs-debuginfo-5.56-1.el8.i686.rpm bluez-libs-debuginfo-5.56-1.el8.x86_64.rpm bluez-obexd-5.56-1.el8.x86_64.rpm bluez-obexd-debuginfo-5.56-1.el8.i686.rpm bluez-obexd-debuginfo-5.56-1.el8.x86_64.rpm

    Red Hat Enterprise Linux CRB (v. 8):

    aarch64: bluez-cups-debuginfo-5.56-1.el8.aarch64.rpm bluez-debuginfo-5.56-1.el8.aarch64.rpm bluez-debugsource-5.56-1.el8.aarch64.rpm bluez-hid2hci-debuginfo-5.56-1.el8.aarch64.rpm bluez-libs-debuginfo-5.56-1.el8.aarch64.rpm bluez-libs-devel-5.56-1.el8.aarch64.rpm bluez-obexd-debuginfo-5.56-1.el8.aarch64.rpm

    ppc64le: bluez-cups-debuginfo-5.56-1.el8.ppc64le.rpm bluez-debuginfo-5.56-1.el8.ppc64le.rpm bluez-debugsource-5.56-1.el8.ppc64le.rpm bluez-hid2hci-debuginfo-5.56-1.el8.ppc64le.rpm bluez-libs-debuginfo-5.56-1.el8.ppc64le.rpm bluez-libs-devel-5.56-1.el8.ppc64le.rpm bluez-obexd-debuginfo-5.56-1.el8.ppc64le.rpm

    s390x: bluez-cups-debuginfo-5.56-1.el8.s390x.rpm bluez-debuginfo-5.56-1.el8.s390x.rpm bluez-debugsource-5.56-1.el8.s390x.rpm bluez-hid2hci-debuginfo-5.56-1.el8.s390x.rpm bluez-libs-debuginfo-5.56-1.el8.s390x.rpm bluez-libs-devel-5.56-1.el8.s390x.rpm bluez-obexd-debuginfo-5.56-1.el8.s390x.rpm

    x86_64: bluez-cups-debuginfo-5.56-1.el8.i686.rpm bluez-cups-debuginfo-5.56-1.el8.x86_64.rpm bluez-debuginfo-5.56-1.el8.i686.rpm bluez-debuginfo-5.56-1.el8.x86_64.rpm bluez-debugsource-5.56-1.el8.i686.rpm bluez-debugsource-5.56-1.el8.x86_64.rpm bluez-hid2hci-debuginfo-5.56-1.el8.i686.rpm bluez-hid2hci-debuginfo-5.56-1.el8.x86_64.rpm bluez-libs-debuginfo-5.56-1.el8.i686.rpm bluez-libs-debuginfo-5.56-1.el8.x86_64.rpm bluez-libs-devel-5.56-1.el8.i686.rpm bluez-libs-devel-5.56-1.el8.x86_64.rpm bluez-obexd-debuginfo-5.56-1.el8.i686.rpm bluez-obexd-debuginfo-5.56-1.el8.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYYrdt9zjgjWX9erEAQj3Kg//RFuvdDqQfdw3Wm00uS+qmxOaUzvG5OVO XrSpoMb5VcrJRKTBY3u4ObfU1+yGJ5iF2wGwxgu6QF4tLUwC/OPSCgvS0lifTcEy OkvBnkR06tBsGTjBmN8wyHQTEGVdFLlFU+sbC+yKjHmF31o6ZgDD7VZV/wuzqSGk ZPR39CzfnnnTzLz2QvrYJZZ/tpgvS5qOTebP/qEmQCuwmRJeTaY+pgj28e8njQjU NMqAcR7/kPX6LIYzdhQgEOCWZ9imxjoYAwY/VMu9T23zuyTkRTQtCC8Q5GJgATRV qD4adxIeyJSvvMzJf6VkvzXu32AWira9oFgFPiYwjEYVJcMmGKZGJx94a1mu2Rs8 TFi3+iuVAdHE1S9NJ54nfxkjnVs6XKDIITNIZkl+isfQEtkkUBfeVcK6U/57wCKN jgvUtrcQpqNH86x3Uu4W//eFlXQrbfzsogDx10d/jSk+PPg60mP6Fzcad8PTgr/H vZygkT1bLbY7lOXejiVnJ8+otIv7tK+XzajDvQwgwC+9IigncMygiSS0SelVht4U rvdqIKs2btFOBk+GhUzEMogaGFDqRUpFKIEFFVtL6d3Uvr4rgDHjMewKdU9v11ED 94Cg3wX0XFYvrnRS1Lxx9m1vuWtevD4EyZLSxcAEMLSXEMoa2c8f7Y6gxb7PGAKb irY79RTeDm4=R6rn -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .

    Original advisory details:

    It was discovered that BlueZ incorrectly checked certain permissions when pairing. (CVE-2020-26558)

    Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. ========================================================================== Ubuntu Security Notice USN-5018-1 July 20, 2021

    linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities ==========================================================================

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 18.04 LTS
    • Ubuntu 16.04 ESM
    • Ubuntu 14.04 ESM

    Summary:

    Several security issues were fixed in the Linux kernel.

    Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi (V8) systems - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors - linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe: Linux hardware enablement (HWE) kernel

    Details:

    It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909)

    Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33200)

    Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. (CVE-2020-24586)

    Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use this issue to decrypt fragments. (CVE-2020-24587)

    Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139)

    Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147)

    It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)

    Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134)

    Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-31829)

    It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399)

    It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 18.04 LTS: linux-image-4.15.0-1078-oracle 4.15.0-1078.86 linux-image-4.15.0-1092-raspi2 4.15.0-1092.98 linux-image-4.15.0-1097-kvm 4.15.0-1097.99 linux-image-4.15.0-1106-gcp 4.15.0-1106.120 linux-image-4.15.0-1109-aws 4.15.0-1109.116 linux-image-4.15.0-1109-snapdragon 4.15.0-1109.118 linux-image-4.15.0-1121-azure 4.15.0-1121.134 linux-image-4.15.0-151-generic 4.15.0-151.157 linux-image-4.15.0-151-generic-lpae 4.15.0-151.157 linux-image-4.15.0-151-lowlatency 4.15.0-151.157 linux-image-aws-lts-18.04 4.15.0.1109.112 linux-image-azure-lts-18.04 4.15.0.1121.94 linux-image-gcp-lts-18.04 4.15.0.1106.125 linux-image-generic 4.15.0.151.139 linux-image-generic-lpae 4.15.0.151.139 linux-image-kvm 4.15.0.1097.93 linux-image-lowlatency 4.15.0.151.139 linux-image-oracle-lts-18.04 4.15.0.1078.88 linux-image-raspi2 4.15.0.1092.90 linux-image-snapdragon 4.15.0.1109.112 linux-image-virtual 4.15.0.151.139

    Ubuntu 16.04 ESM: linux-image-4.15.0-1078-oracle 4.15.0-1078.86~16.04.1 linux-image-4.15.0-1106-gcp 4.15.0-1106.120~16.04.1 linux-image-4.15.0-1109-aws 4.15.0-1109.116~16.04.1 linux-image-4.15.0-1121-azure 4.15.0-1121.134~16.04.1 linux-image-4.15.0-151-generic 4.15.0-151.157~16.04.1 linux-image-4.15.0-151-lowlatency 4.15.0-151.157~16.04.1 linux-image-aws-hwe 4.15.0.1109.100 linux-image-azure 4.15.0.1121.112 linux-image-gcp 4.15.0.1106.107 linux-image-generic-hwe-16.04 4.15.0.151.146 linux-image-gke 4.15.0.1106.107 linux-image-lowlatency-hwe-16.04 4.15.0.151.146 linux-image-oem 4.15.0.151.146 linux-image-oracle 4.15.0.1078.66 linux-image-virtual-hwe-16.04 4.15.0.151.146

    Ubuntu 14.04 ESM: linux-image-4.15.0-1121-azure 4.15.0-1121.134~14.04.1 linux-image-azure 4.15.0.1121.94

    After a standard system update you need to reboot your computer to make all the necessary changes.

    ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

    References: https://ubuntu.com/security/notices/USN-5018-1 CVE-2020-24586, CVE-2020-24587, CVE-2020-26139, CVE-2020-26147, CVE-2020-26558, CVE-2021-0129, CVE-2021-23134, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-33909

    Package Information: https://launchpad.net/ubuntu/+source/linux/4.15.0-151.157 https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1109.116 https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1121.134 https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1106.120 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1097.99 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1078.86 https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1092.98 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1109.118 . (CVE-2020-26558, CVE-2021-0129)

    Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202105-0146",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac 3165",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "ax200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "kernel",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "linux",
            "version": "5.13"
          },
          {
            "model": "core specification",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bluetooth",
            "version": "5.2"
          },
          {
            "model": "ac 9260",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "ac 3168",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "ac 7265",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "ax210",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "ac 9462",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "ax201",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "ac 8260",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "ac 1550",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "core specification",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "bluetooth",
            "version": "2.1"
          },
          {
            "model": "ac 9560",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "ac 8265",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "ax1675",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "34"
          },
          {
            "model": "ac 9461",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "ax1650",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intel",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-26558"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This document was written by Madison Oliver.Statement Date:\u00a0\u00a0 February 22, 2021",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#799380"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2020-26558",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "CVE-2020-26558",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.6,
                "id": "CVE-2020-26558",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-26558",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202105-1503",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-26558",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-26558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1503"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-26558"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing.CVE- 2020-26556 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26555 Affected\nVendor Statement:\nAndroid has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin. \nCVE-2020-26557 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26558 Affected\nVendor Statement:\nAndroid has reviewed this report and assessed this vulnerability as having impact on Android OS. We will be issuing a patch for this vulnerability in an upcoming Android security bulletin. \nCVE-2020-26559 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26560 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nVU#799380.5 Affected\nVendor Statement:\nOur assessment of this report is that it is of negligible security impact on Android.CVE- 2020-26556 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26555 Affected\nVendor Statement:\nAndroid has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin. \nCVE-2020-26557 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26558 Affected\nVendor Statement:\nAndroid has reviewed this report and assessed this vulnerability as having impact on Android OS. We will be issuing a patch for this vulnerability in an upcoming Android security bulletin. \nCVE-2020-26559 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26560 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nVU#799380.5 Affected\nVendor Statement:\nOur assessment of this report is that it is of negligible security impact on Android. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202209-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: BlueZ: Multiple Vulnerabilities\n     Date: September 29, 2022\n     Bugs: #797712, #835077\n       ID: 202209-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in BlueZ, the worst of\nwhich could result in arbitrary code execution. \n\nBackground\n==========\n\nBlueZ is the canonical bluetooth tools and system daemons package for\nLinux. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-wireless/bluez         \u003c 5.63                        \u003e= 5.63\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in BlueZ. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll BlueZ users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-wireless/bluez-5.63\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-26558\n      https://nvd.nist.gov/vuln/detail/CVE-2020-26558\n[ 2 ] CVE-2021-0129\n      https://nvd.nist.gov/vuln/detail/CVE-2021-0129\n[ 3 ] CVE-2021-3588\n      https://nvd.nist.gov/vuln/detail/CVE-2021-3588\n[ 4 ] CVE-2022-0204\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0204\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: bluez security update\nAdvisory ID:       RHSA-2021:4432-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:4432\nIssue date:        2021-11-09\nCVE Names:         CVE-2020-26558\n====================================================================\n1. Summary:\n\nAn update for bluez is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe bluez packages contain the following utilities for use in Bluetooth\napplications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start\nscripts (Red Hat), and pcmcia configuration files. \n\nSecurity Fix(es):\n\n* bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an\nimpersonation attack (CVE-2020-26558)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\naarch64:\nbluez-cups-5.56-1.el8.aarch64.rpm\nbluez-cups-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-debugsource-5.56-1.el8.aarch64.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-libs-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-obexd-debuginfo-5.56-1.el8.aarch64.rpm\n\nppc64le:\nbluez-cups-5.56-1.el8.ppc64le.rpm\nbluez-cups-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-debugsource-5.56-1.el8.ppc64le.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-libs-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-obexd-debuginfo-5.56-1.el8.ppc64le.rpm\n\ns390x:\nbluez-cups-5.56-1.el8.s390x.rpm\nbluez-cups-debuginfo-5.56-1.el8.s390x.rpm\nbluez-debuginfo-5.56-1.el8.s390x.rpm\nbluez-debugsource-5.56-1.el8.s390x.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.s390x.rpm\nbluez-libs-debuginfo-5.56-1.el8.s390x.rpm\nbluez-obexd-debuginfo-5.56-1.el8.s390x.rpm\n\nx86_64:\nbluez-cups-5.56-1.el8.x86_64.rpm\nbluez-cups-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-debugsource-5.56-1.el8.x86_64.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-libs-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-obexd-debuginfo-5.56-1.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nbluez-5.56-1.el8.src.rpm\n\naarch64:\nbluez-5.56-1.el8.aarch64.rpm\nbluez-cups-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-debugsource-5.56-1.el8.aarch64.rpm\nbluez-hid2hci-5.56-1.el8.aarch64.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-libs-5.56-1.el8.aarch64.rpm\nbluez-libs-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-obexd-5.56-1.el8.aarch64.rpm\nbluez-obexd-debuginfo-5.56-1.el8.aarch64.rpm\n\nppc64le:\nbluez-5.56-1.el8.ppc64le.rpm\nbluez-cups-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-debugsource-5.56-1.el8.ppc64le.rpm\nbluez-hid2hci-5.56-1.el8.ppc64le.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-libs-5.56-1.el8.ppc64le.rpm\nbluez-libs-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-obexd-5.56-1.el8.ppc64le.rpm\nbluez-obexd-debuginfo-5.56-1.el8.ppc64le.rpm\n\ns390x:\nbluez-5.56-1.el8.s390x.rpm\nbluez-cups-debuginfo-5.56-1.el8.s390x.rpm\nbluez-debuginfo-5.56-1.el8.s390x.rpm\nbluez-debugsource-5.56-1.el8.s390x.rpm\nbluez-hid2hci-5.56-1.el8.s390x.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.s390x.rpm\nbluez-libs-5.56-1.el8.s390x.rpm\nbluez-libs-debuginfo-5.56-1.el8.s390x.rpm\nbluez-obexd-5.56-1.el8.s390x.rpm\nbluez-obexd-debuginfo-5.56-1.el8.s390x.rpm\n\nx86_64:\nbluez-5.56-1.el8.x86_64.rpm\nbluez-cups-debuginfo-5.56-1.el8.i686.rpm\nbluez-cups-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-debuginfo-5.56-1.el8.i686.rpm\nbluez-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-debugsource-5.56-1.el8.i686.rpm\nbluez-debugsource-5.56-1.el8.x86_64.rpm\nbluez-hid2hci-5.56-1.el8.x86_64.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.i686.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-libs-5.56-1.el8.i686.rpm\nbluez-libs-5.56-1.el8.x86_64.rpm\nbluez-libs-debuginfo-5.56-1.el8.i686.rpm\nbluez-libs-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-obexd-5.56-1.el8.x86_64.rpm\nbluez-obexd-debuginfo-5.56-1.el8.i686.rpm\nbluez-obexd-debuginfo-5.56-1.el8.x86_64.rpm\n\nRed Hat Enterprise Linux CRB (v. 8):\n\naarch64:\nbluez-cups-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-debugsource-5.56-1.el8.aarch64.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-libs-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-libs-devel-5.56-1.el8.aarch64.rpm\nbluez-obexd-debuginfo-5.56-1.el8.aarch64.rpm\n\nppc64le:\nbluez-cups-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-debugsource-5.56-1.el8.ppc64le.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-libs-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-libs-devel-5.56-1.el8.ppc64le.rpm\nbluez-obexd-debuginfo-5.56-1.el8.ppc64le.rpm\n\ns390x:\nbluez-cups-debuginfo-5.56-1.el8.s390x.rpm\nbluez-debuginfo-5.56-1.el8.s390x.rpm\nbluez-debugsource-5.56-1.el8.s390x.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.s390x.rpm\nbluez-libs-debuginfo-5.56-1.el8.s390x.rpm\nbluez-libs-devel-5.56-1.el8.s390x.rpm\nbluez-obexd-debuginfo-5.56-1.el8.s390x.rpm\n\nx86_64:\nbluez-cups-debuginfo-5.56-1.el8.i686.rpm\nbluez-cups-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-debuginfo-5.56-1.el8.i686.rpm\nbluez-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-debugsource-5.56-1.el8.i686.rpm\nbluez-debugsource-5.56-1.el8.x86_64.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.i686.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-libs-debuginfo-5.56-1.el8.i686.rpm\nbluez-libs-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-libs-devel-5.56-1.el8.i686.rpm\nbluez-libs-devel-5.56-1.el8.x86_64.rpm\nbluez-obexd-debuginfo-5.56-1.el8.i686.rpm\nbluez-obexd-debuginfo-5.56-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYrdt9zjgjWX9erEAQj3Kg//RFuvdDqQfdw3Wm00uS+qmxOaUzvG5OVO\nXrSpoMb5VcrJRKTBY3u4ObfU1+yGJ5iF2wGwxgu6QF4tLUwC/OPSCgvS0lifTcEy\nOkvBnkR06tBsGTjBmN8wyHQTEGVdFLlFU+sbC+yKjHmF31o6ZgDD7VZV/wuzqSGk\nZPR39CzfnnnTzLz2QvrYJZZ/tpgvS5qOTebP/qEmQCuwmRJeTaY+pgj28e8njQjU\nNMqAcR7/kPX6LIYzdhQgEOCWZ9imxjoYAwY/VMu9T23zuyTkRTQtCC8Q5GJgATRV\nqD4adxIeyJSvvMzJf6VkvzXu32AWira9oFgFPiYwjEYVJcMmGKZGJx94a1mu2Rs8\nTFi3+iuVAdHE1S9NJ54nfxkjnVs6XKDIITNIZkl+isfQEtkkUBfeVcK6U/57wCKN\njgvUtrcQpqNH86x3Uu4W//eFlXQrbfzsogDx10d/jSk+PPg60mP6Fzcad8PTgr/H\nvZygkT1bLbY7lOXejiVnJ8+otIv7tK+XzajDvQwgwC+9IigncMygiSS0SelVht4U\nrvdqIKs2btFOBk+GhUzEMogaGFDqRUpFKIEFFVtL6d3Uvr4rgDHjMewKdU9v11ED\n94Cg3wX0XFYvrnRS1Lxx9m1vuWtevD4EyZLSxcAEMLSXEMoa2c8f7Y6gxb7PGAKb\nirY79RTeDm4=R6rn\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nOriginal advisory details:\n\n It was discovered that BlueZ incorrectly checked certain permissions when\n pairing. (CVE-2020-26558)\n\n Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT\n events. ==========================================================================\nUbuntu Security Notice USN-5018-1\nJuly 20, 2021\n\nlinux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp,\nlinux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2,\nlinux-snapdragon vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux: Linux kernel\n- linux-aws: Linux kernel for Amazon Web Services (AWS) systems\n- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems\n- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems\n- linux-kvm: Linux kernel for cloud environments\n- linux-oracle: Linux kernel for Oracle Cloud systems\n- linux-raspi2: Linux kernel for Raspberry Pi (V8) systems\n- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors\n- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems\n- linux-azure: Linux kernel for Microsoft Azure Cloud systems\n- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems\n- linux-hwe: Linux hardware enablement (HWE) kernel\n\nDetails:\n\nIt was discovered that the virtual file system implementation in the Linux\nkernel contained an unsigned to signed integer conversion error. A local\nattacker could use this to cause a denial of service (system crash) or\nexecute arbitrary code. (CVE-2021-33909)\n\nPiotr Krysiuk discovered that the eBPF implementation in the Linux kernel\ndid not properly enforce limits for pointer operations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2021-33200)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation did\nnot properly clear received fragments from memory in some situations. A\nphysically proximate attacker could possibly use this issue to inject\npackets or expose sensitive information. (CVE-2020-24586)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation\nincorrectly handled encrypted fragments. A physically proximate attacker\ncould possibly use this issue to decrypt fragments. (CVE-2020-24587)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation\nincorrectly handled EAPOL frames from unauthenticated senders. A physically\nproximate attacker could inject malicious packets to cause a denial of\nservice (system crash). (CVE-2020-26139)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation could\nreassemble mixed encrypted and plaintext fragments. A physically proximate\nattacker could possibly use this issue to inject packets or exfiltrate\nselected fragments. (CVE-2020-26147)\n\nIt was discovered that the bluetooth subsystem in the Linux kernel did not\nproperly perform access control. An authenticated attacker could possibly\nuse this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)\n\nOr Cohen and Nadav Markus discovered a use-after-free vulnerability in the\nnfc implementation in the Linux kernel. A privileged local attacker could\nuse this issue to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2021-23134)\n\nPiotr Krysiuk discovered that the eBPF implementation in the Linux kernel\ndid not properly prevent speculative loads in certain situations. A local\nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2021-31829)\n\nIt was discovered that a race condition in the kernel Bluetooth subsystem\ncould lead to use-after-free of slab objects. An attacker could use this\nissue to possibly execute arbitrary code. (CVE-2021-32399)\n\nIt was discovered that a use-after-free existed in the Bluetooth HCI driver\nof the Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2021-33034)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n  linux-image-4.15.0-1078-oracle  4.15.0-1078.86\n  linux-image-4.15.0-1092-raspi2  4.15.0-1092.98\n  linux-image-4.15.0-1097-kvm     4.15.0-1097.99\n  linux-image-4.15.0-1106-gcp     4.15.0-1106.120\n  linux-image-4.15.0-1109-aws     4.15.0-1109.116\n  linux-image-4.15.0-1109-snapdragon  4.15.0-1109.118\n  linux-image-4.15.0-1121-azure   4.15.0-1121.134\n  linux-image-4.15.0-151-generic  4.15.0-151.157\n  linux-image-4.15.0-151-generic-lpae  4.15.0-151.157\n  linux-image-4.15.0-151-lowlatency  4.15.0-151.157\n  linux-image-aws-lts-18.04       4.15.0.1109.112\n  linux-image-azure-lts-18.04     4.15.0.1121.94\n  linux-image-gcp-lts-18.04       4.15.0.1106.125\n  linux-image-generic             4.15.0.151.139\n  linux-image-generic-lpae        4.15.0.151.139\n  linux-image-kvm                 4.15.0.1097.93\n  linux-image-lowlatency          4.15.0.151.139\n  linux-image-oracle-lts-18.04    4.15.0.1078.88\n  linux-image-raspi2              4.15.0.1092.90\n  linux-image-snapdragon          4.15.0.1109.112\n  linux-image-virtual             4.15.0.151.139\n\nUbuntu 16.04 ESM:\n  linux-image-4.15.0-1078-oracle  4.15.0-1078.86~16.04.1\n  linux-image-4.15.0-1106-gcp     4.15.0-1106.120~16.04.1\n  linux-image-4.15.0-1109-aws     4.15.0-1109.116~16.04.1\n  linux-image-4.15.0-1121-azure   4.15.0-1121.134~16.04.1\n  linux-image-4.15.0-151-generic  4.15.0-151.157~16.04.1\n  linux-image-4.15.0-151-lowlatency  4.15.0-151.157~16.04.1\n  linux-image-aws-hwe             4.15.0.1109.100\n  linux-image-azure               4.15.0.1121.112\n  linux-image-gcp                 4.15.0.1106.107\n  linux-image-generic-hwe-16.04   4.15.0.151.146\n  linux-image-gke                 4.15.0.1106.107\n  linux-image-lowlatency-hwe-16.04  4.15.0.151.146\n  linux-image-oem                 4.15.0.151.146\n  linux-image-oracle              4.15.0.1078.66\n  linux-image-virtual-hwe-16.04   4.15.0.151.146\n\nUbuntu 14.04 ESM:\n  linux-image-4.15.0-1121-azure   4.15.0-1121.134~14.04.1\n  linux-image-azure               4.15.0.1121.94\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n  https://ubuntu.com/security/notices/USN-5018-1\n  CVE-2020-24586, CVE-2020-24587, CVE-2020-26139, CVE-2020-26147,\n  CVE-2020-26558, CVE-2021-0129, CVE-2021-23134, CVE-2021-31829,\n  CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-33909\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/linux/4.15.0-151.157\n  https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1109.116\n  https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1121.134\n  https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1106.120\n  https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1097.99\n  https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1078.86\n  https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1092.98\n  https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1109.118\n. (CVE-2020-26558, CVE-2021-0129)\n\nMichael Brown discovered that the Xen netback driver in the Linux kernel\ndid not properly handle malformed packets from a network PV frontend,\nleading to a use-after-free vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-26558"
          },
          {
            "db": "CERT/CC",
            "id": "VU#799380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-26558"
          },
          {
            "db": "PACKETSTORM",
            "id": "168567"
          },
          {
            "db": "PACKETSTORM",
            "id": "164844"
          },
          {
            "db": "PACKETSTORM",
            "id": "163186"
          },
          {
            "db": "PACKETSTORM",
            "id": "163598"
          },
          {
            "db": "PACKETSTORM",
            "id": "163599"
          },
          {
            "db": "PACKETSTORM",
            "id": "163905"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-26558",
            "trust": 3.2
          },
          {
            "db": "CERT/CC",
            "id": "VU#799380",
            "trust": 2.5
          },
          {
            "db": "PACKETSTORM",
            "id": "168567",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164844",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "163598",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "163905",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2860",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2350",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2805",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2256",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1225",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2453",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2662",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1976",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1999",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5284",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2368",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2145",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2409",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3754",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2290",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2248",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "163877",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "163184",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166417",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021052614",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021062109",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021070408",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021060801",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021080805",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021111135",
            "trust": 0.6
          },
          {
            "db": "LENOVO",
            "id": "LEN-51734",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1503",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-26558",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163186",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163599",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#799380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-26558"
          },
          {
            "db": "PACKETSTORM",
            "id": "168567"
          },
          {
            "db": "PACKETSTORM",
            "id": "164844"
          },
          {
            "db": "PACKETSTORM",
            "id": "163186"
          },
          {
            "db": "PACKETSTORM",
            "id": "163598"
          },
          {
            "db": "PACKETSTORM",
            "id": "163599"
          },
          {
            "db": "PACKETSTORM",
            "id": "163905"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1503"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-26558"
          }
        ]
      },
      "id": "VAR-202105-0146",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "network device"
            ],
            "sub_category": "bluetooth device",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2026-03-05T21:09:33.658000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Bluetooth Core Specification Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=152684"
          },
          {
            "title": "Red Hat: CVE-2020-26558",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2020-26558"
          },
          {
            "title": "Debian CVElist Bug Report Logs: bluez: CVE-2021-0129 CVE-2020-26558",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=0634986a83e749d947f670c2c6fc6f8a"
          },
          {
            "title": "Debian Security Advisories: DSA-4951-1 bluez -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=022b2816062a8ca433d97ca2e73731f3"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-26558 log"
          },
          {
            "title": "CVE-2020-26558",
            "trust": 0.1,
            "url": "https://github.com/AlAIAL90/CVE-2020-26558 "
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/bluetooth-flaws-allow-attackers-to-impersonate-legitimate-devices/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-26558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1503"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-26558"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://kb.cert.org/vuls/id/799380"
          },
          {
            "trust": 1.7,
            "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
          },
          {
            "trust": 1.7,
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/202209-16"
          },
          {
            "trust": 1.6,
            "url": "https://www.debian.org/security/2021/dsa-4951"
          },
          {
            "trust": 1.0,
            "url": "https://www.kb.cert.org/vuls/id/799380"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nss6ctge4ugtjlcozoasdr3t3sll6qjz/"
          },
          {
            "trust": 0.8,
            "url": "cve- 2020-26556  "
          },
          {
            "trust": 0.8,
            "url": "cve-2020-26555  "
          },
          {
            "trust": 0.8,
            "url": "cve-2020-26557  "
          },
          {
            "trust": 0.8,
            "url": "cve-2020-26558  "
          },
          {
            "trust": 0.8,
            "url": "cve-2020-26559  "
          },
          {
            "trust": 0.8,
            "url": "cve-2020-26560  "
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nss6ctge4ugtjlcozoasdr3t3sll6qjz/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26558"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168567/gentoo-linux-security-advisory-202209-16.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021111135"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021052614"
          },
          {
            "trust": 0.6,
            "url": "https://source.android.com/security/bulletin/2021-06-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021080805"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164844/red-hat-security-advisory-2021-4432-03.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2368"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3754"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5284"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2145"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2662"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2860"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163877/ubuntu-security-notice-usn-5046-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2021-bulletin"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1225"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021060801"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1976"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021062109"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2248"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2409"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2805"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1999"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021070408"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166417/ubuntu-security-notice-usn-5343-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163184/ubuntu-security-notice-usn-4989-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202107-0000001170634565"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2350"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163905/ubuntu-security-notice-usn-5050-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://support.lenovo.com/us/en/product_security/len-51734"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/bluetooth-privilege-escalation-via-passkey-entry-impersonation-35544"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2256"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2453"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2290"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163598/ubuntu-security-notice-usn-5017-1.html"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-26558"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33909"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alaial90/cve-2020-26558"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0129"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0204"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3588"
          },
          {
            "trust": 0.1,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4432"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-4989-2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27153"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-4989-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1021.22"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1049.53~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1049.53"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1052.56~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1041.45"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1044.46"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5017-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1049.52~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-80.90~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1054.57~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1055.57"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1052.56"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1049.52"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1055.57~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1054.57"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux/5.4.0-80.90"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1021.22~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1041.45~18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-151.157"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1097.99"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1078.86"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1106.120"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26147"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33200"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5018-1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24586"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1109.116"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1092.98"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1121.134"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24587"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23134"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33034"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31829"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1109.118"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26139"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5050-1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28691"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-aws-5.8/5.8.0-1042.44~20.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.8/5.8.0-1038.39~20.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3564"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.8/5.8.0-1039.41"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3573"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38208"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-azure-5.8/5.8.0-1040.43~20.04.1"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#799380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-26558"
          },
          {
            "db": "PACKETSTORM",
            "id": "168567"
          },
          {
            "db": "PACKETSTORM",
            "id": "164844"
          },
          {
            "db": "PACKETSTORM",
            "id": "163186"
          },
          {
            "db": "PACKETSTORM",
            "id": "163598"
          },
          {
            "db": "PACKETSTORM",
            "id": "163599"
          },
          {
            "db": "PACKETSTORM",
            "id": "163905"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1503"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-26558"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#799380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-26558"
          },
          {
            "db": "PACKETSTORM",
            "id": "168567"
          },
          {
            "db": "PACKETSTORM",
            "id": "164844"
          },
          {
            "db": "PACKETSTORM",
            "id": "163186"
          },
          {
            "db": "PACKETSTORM",
            "id": "163598"
          },
          {
            "db": "PACKETSTORM",
            "id": "163599"
          },
          {
            "db": "PACKETSTORM",
            "id": "163905"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1503"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-26558"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-05-24T00:00:00",
            "db": "CERT/CC",
            "id": "VU#799380"
          },
          {
            "date": "2021-05-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-26558"
          },
          {
            "date": "2022-09-30T14:52:58",
            "db": "PACKETSTORM",
            "id": "168567"
          },
          {
            "date": "2021-11-10T17:05:47",
            "db": "PACKETSTORM",
            "id": "164844"
          },
          {
            "date": "2021-06-17T17:49:44",
            "db": "PACKETSTORM",
            "id": "163186"
          },
          {
            "date": "2021-07-21T16:04:36",
            "db": "PACKETSTORM",
            "id": "163598"
          },
          {
            "date": "2021-07-21T16:04:42",
            "db": "PACKETSTORM",
            "id": "163599"
          },
          {
            "date": "2021-08-24T15:17:06",
            "db": "PACKETSTORM",
            "id": "163905"
          },
          {
            "date": "2021-05-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202105-1503"
          },
          {
            "date": "2021-05-24T18:15:07.930000",
            "db": "NVD",
            "id": "CVE-2020-26558"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#799380"
          },
          {
            "date": "2021-08-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-26558"
          },
          {
            "date": "2022-10-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202105-1503"
          },
          {
            "date": "2025-11-04T20:15:58.053000",
            "db": "NVD",
            "id": "CVE-2020-26558"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1503"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#799380"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1503"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202105-0145

    Vulnerability from variot - Updated: 2025-11-18 12:13

    Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time). Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing.CVE- 2020-26556 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26555 Affected Vendor Statement: Android has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin. CVE-2020-26557 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26558 Affected Vendor Statement: Android has reviewed this report and assessed this vulnerability as having impact on Android OS. We will be issuing a patch for this vulnerability in an upcoming Android security bulletin. CVE-2020-26559 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26560 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. VU#799380.5 Affected Vendor Statement: Our assessment of this report is that it is of negligible security impact on Android.CVE- 2020-26556 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26555 Affected Vendor Statement: Android has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin. CVE-2020-26557 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26558 Affected Vendor Statement: Android has reviewed this report and assessed this vulnerability as having impact on Android OS. We will be issuing a patch for this vulnerability in an upcoming Android security bulletin. CVE-2020-26559 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. CVE-2020-26560 Not Affected Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable. VU#799380.5 Affected Vendor Statement: Our assessment of this report is that it is of negligible security impact on Android. Bluetooth Mesh profile Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202105-0145",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mesh profile",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "bluetooth",
            "version": "1.0.0"
          },
          {
            "model": "mesh profile",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "bluetooth",
            "version": "1.0.1"
          },
          {
            "model": "mesh profile",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "bluetooth sig",
            "version": "1.0.1"
          },
          {
            "model": "mesh profile",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "bluetooth sig",
            "version": "1.0"
          },
          {
            "model": "mesh profile",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "bluetooth sig",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007329"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-26557"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This document was written by Madison Oliver.Statement Date:\u00a0\u00a0 February 22, 2021",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#799380"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2020-26557",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "CVE-2020-26557",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2020-26557",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2020-26557",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-26557",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-26557",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202105-1500",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007329"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-26557"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time). Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing.CVE- 2020-26556 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26555 Affected\nVendor Statement:\nAndroid has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin. \nCVE-2020-26557 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26558 Affected\nVendor Statement:\nAndroid has reviewed this report and assessed this vulnerability as having impact on Android OS. We will be issuing a patch for this vulnerability in an upcoming Android security bulletin. \nCVE-2020-26559 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26560 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nVU#799380.5 Affected\nVendor Statement:\nOur assessment of this report is that it is of negligible security impact on Android.CVE- 2020-26556 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26555 Affected\nVendor Statement:\nAndroid has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin. \nCVE-2020-26557 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26558 Affected\nVendor Statement:\nAndroid has reviewed this report and assessed this vulnerability as having impact on Android OS. We will be issuing a patch for this vulnerability in an upcoming Android security bulletin. \nCVE-2020-26559 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26560 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nVU#799380.5 Affected\nVendor Statement:\nOur assessment of this report is that it is of negligible security impact on Android. Bluetooth Mesh profile Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-26557"
          },
          {
            "db": "CERT/CC",
            "id": "VU#799380"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-26557",
            "trust": 4.1
          },
          {
            "db": "CERT/CC",
            "id": "VU#799380",
            "trust": 3.2
          },
          {
            "db": "JVN",
            "id": "JVNVU99594334",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007329",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021052614",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021070408",
            "trust": 0.6
          },
          {
            "db": "LENOVO",
            "id": "LEN-51734",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1500",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#799380"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007329"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-26557"
          }
        ]
      },
      "id": "VAR-202105-0145",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "network device"
            ],
            "sub_category": "bluetooth device",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-11-18T12:13:36.659000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Reporting\u00a0Security\u00a0Vulnerabilities",
            "trust": 0.8,
            "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
          },
          {
            "title": "Bluetooth Mesh Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153465"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007329"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.0
          },
          {
            "problemtype": "Bad authentication (CWE-863) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007329"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-26557"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://kb.cert.org/vuls/id/799380"
          },
          {
            "trust": 1.6,
            "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
          },
          {
            "trust": 1.0,
            "url": "https://www.kb.cert.org/vuls/id/799380"
          },
          {
            "trust": 0.8,
            "url": "cve- 2020-26556  "
          },
          {
            "trust": 0.8,
            "url": "cve-2020-26555  "
          },
          {
            "trust": 0.8,
            "url": "cve-2020-26557  "
          },
          {
            "trust": 0.8,
            "url": "cve-2020-26558  "
          },
          {
            "trust": 0.8,
            "url": "cve-2020-26559  "
          },
          {
            "trust": 0.8,
            "url": "cve-2020-26560  "
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99594334/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26557"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021070408"
          },
          {
            "trust": 0.6,
            "url": "https://support.lenovo.com/us/en/product_security/len-51734"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021052614"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/bluetooth-privilege-escalation-via-mesh-profile-provisioning-predictable-authvalue-35548"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#799380"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007329"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-26557"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#799380"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007329"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-26557"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-05-24T00:00:00",
            "db": "CERT/CC",
            "id": "VU#799380"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-05-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202105-1500"
          },
          {
            "date": "2022-02-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-007329"
          },
          {
            "date": "2021-05-24T18:15:07.903000",
            "db": "NVD",
            "id": "CVE-2020-26557"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#799380"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2022-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202105-1500"
          },
          {
            "date": "2022-02-08T07:08:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-007329"
          },
          {
            "date": "2025-11-04T20:15:57.920000",
            "db": "NVD",
            "id": "CVE-2020-26557"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-1500"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#799380"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202009-0586

    Vulnerability from variot - Updated: 2025-01-30 21:57

    Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less. This vulnerability is being referred to as BLURtooth.CVE-2020-15802 AffectedCVE-2020-15802 Affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0586",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "core specification",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "bluetooth",
            "version": "5.1"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-15802"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This document was written by Madison Oliver.We have not received a statement from the vendor.",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#589825"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2020-15802",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-15802",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.2,
                "id": "CVE-2020-15802",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-15802",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202009-592",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-15802",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-15802"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-592"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-15802"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less. This vulnerability is being referred to as BLURtooth.CVE-2020-15802 AffectedCVE-2020-15802 Affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-15802"
          },
          {
            "db": "CERT/CC",
            "id": "VU#589825"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-15802"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-15802",
            "trust": 2.6
          },
          {
            "db": "CERT/CC",
            "id": "VU#589825",
            "trust": 2.5
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-592",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-15802",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#589825"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-15802"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-592"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-15802"
          }
        ]
      },
      "id": "VAR-202009-0586",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "network device"
            ],
            "sub_category": "bluetooth device",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T21:57:27.851000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Bluetooth Core Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128046"
          },
          {
            "title": "The Register",
            "trust": 0.2,
            "url": "https://www.theregister.co.uk/2020/09/11/blurtooth_vulnerability/"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2020-15802 "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/francozappa/blur "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/goblimey/learn-unix "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Essen-Lin/Practice-of-the-Attack-and-Defense-of-Computers_Project2 "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/JeffroMF/awesome-bluetooth-security321 "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/khulnasoft-lab/awesome-security "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/bluetooth-bug-mitm-attacks/159124/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-15802"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-592"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-15802"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.kb.cert.org/vuls/id/589825"
          },
          {
            "trust": 1.7,
            "url": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709"
          },
          {
            "trust": 1.7,
            "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/"
          },
          {
            "trust": 0.8,
            "url": "cve-2020-15802  "
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15802"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-15802"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/bluetooth-man-in-the-middle-via-cross-transport-key-derivation-33313"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2020-15802"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2020/09/11/blurtooth_vulnerability/"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/bluetooth-bug-mitm-attacks/159124/"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#589825"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-15802"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-592"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-15802"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#589825"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-15802"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-592"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-15802"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#589825"
          },
          {
            "date": "2020-09-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-15802"
          },
          {
            "date": "2020-09-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202009-592"
          },
          {
            "date": "2020-09-11T14:15:11.317000",
            "db": "NVD",
            "id": "CVE-2020-15802"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-02-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#589825"
          },
          {
            "date": "2022-11-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-15802"
          },
          {
            "date": "2021-01-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202009-592"
          },
          {
            "date": "2024-11-21T05:06:12.767000",
            "db": "NVD",
            "id": "CVE-2020-15802"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-592"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Devices supporting Bluetooth BR/EDR and LE using CTKD are vulnerable to key overwrite",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#589825"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-592"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2023-24023 (GCVE-0-2023-24023)

    Vulnerability from nvd – Published: 2023-11-28 00:00 – Updated: 2024-08-02 10:49
    VLAI
    Summary
    Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    bluetooth bluetooth_core_specification Affected: 4.2 , ≤ 5.4 (custom)
        cpe:2.3:a:bluetooth:bluetooth_core_specification:4.2:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:bluetooth:bluetooth_core_specification:4.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bluetooth_core_specification",
                "vendor": "bluetooth",
                "versions": [
                  {
                    "lessThanOrEqual": "5.4",
                    "status": "affected",
                    "version": "4.2",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24023",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T03:55:58.358030Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-01T13:14:49.093Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:49:09.028Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dl.acm.org/doi/10.1145/3576915.3623066"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-28T06:55:49.765Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/"
            },
            {
              "url": "https://dl.acm.org/doi/10.1145/3576915.3623066"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-24023",
        "datePublished": "2023-11-28T00:00:00.000Z",
        "dateReserved": "2023-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-02T10:49:09.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24695 (GCVE-0-2022-24695)

    Vulnerability from nvd – Published: 2023-06-02 00:00 – Updated: 2025-01-10 18:29
    VLAI
    Summary
    Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-203 - Observable Discrepancy
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:20:50.042Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/specifications/specs/core-specification/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sp2023.ieee-security.org/program-papers.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-24695",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-10T18:29:51.256244Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-203",
                    "description": "CWE-203 Observable Discrepancy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-10T18:29:57.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-02T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.bluetooth.com/specifications/specs/core-specification/"
            },
            {
              "url": "https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM"
            },
            {
              "url": "https://sp2023.ieee-security.org/program-papers.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-24695",
        "datePublished": "2023-06-02T00:00:00.000Z",
        "dateReserved": "2022-02-09T00:00:00.000Z",
        "dateUpdated": "2025-01-10T18:29:57.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25837 (GCVE-0-2022-25837)

    Vulnerability from nvd – Published: 2022-12-12 00:00 – Updated: 2025-04-22 20:21
    VLAI
    Summary
    Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.634Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-25837",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T20:21:00.675180Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-294",
                    "description": "CWE-294 Authentication Bypass by Capture-replay",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T20:21:36.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth\u00ae Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-12T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-25837",
        "datePublished": "2022-12-12T00:00:00.000Z",
        "dateReserved": "2022-02-24T00:00:00.000Z",
        "dateUpdated": "2025-04-22T20:21:36.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25836 (GCVE-0-2022-25836)

    Vulnerability from nvd – Published: 2022-12-12 00:00 – Updated: 2025-04-22 20:15
    VLAI
    Summary
    Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-25836",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T20:14:37.664817Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-294",
                    "description": "CWE-294 Authentication Bypass by Capture-replay",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T20:15:08.966Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth\u00ae Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-12T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-25836",
        "datePublished": "2022-12-12T00:00:00.000Z",
        "dateReserved": "2022-02-24T00:00:00.000Z",
        "dateUpdated": "2025-04-22T20:15:08.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35473 (GCVE-0-2020-35473)

    Vulnerability from nvd – Published: 2022-11-08 00:00 – Updated: 2025-05-01 17:28
    VLAI
    Summary
    An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:02:08.006Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dl.acm.org/doi/10.1145/3548606.3559372"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-35473",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T17:27:22.791531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-294",
                    "description": "CWE-294 Authentication Bypass by Capture-replay",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T17:28:19.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-08T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://dl.acm.org/doi/10.1145/3548606.3559372"
            },
            {
              "url": "https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35473",
        "datePublished": "2022-11-08T00:00:00.000Z",
        "dateReserved": "2020-12-16T00:00:00.000Z",
        "dateUpdated": "2025-05-01T17:28:19.414Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31615 (GCVE-0-2021-31615)

    Vulnerability from nvd – Published: 2021-06-25 11:59 – Updated: 2024-08-03 23:03
    VLAI
    Summary
    Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:03:33.657Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bluetooth.com"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-25T11:59:42.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bluetooth.com"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-31615",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bluetooth.com",
                  "refsource": "MISC",
                  "url": "https://bluetooth.com"
                },
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/",
                  "refsource": "MISC",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-31615",
        "datePublished": "2021-06-25T11:59:42.000Z",
        "dateReserved": "2021-04-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:03:33.657Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-26560 (GCVE-0-2020-26560)

    Vulnerability from nvd – Published: 2021-05-24 17:06 – Updated: 2025-11-04 19:12
    VLAI
    Summary
    Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:12:21.032Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/799380"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/799380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-24T17:06:57.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cert.org/vuls/id/799380"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-26560",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/",
                  "refsource": "MISC",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
                },
                {
                  "name": "https://kb.cert.org/vuls/id/799380",
                  "refsource": "MISC",
                  "url": "https://kb.cert.org/vuls/id/799380"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-26560",
        "datePublished": "2021-05-24T17:06:57.000Z",
        "dateReserved": "2020-10-04T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:12:21.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-26559 (GCVE-0-2020-26559)

    Vulnerability from nvd – Published: 2021-05-24 17:13 – Updated: 2025-11-04 19:12
    VLAI
    Summary
    Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:12:19.938Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/799380"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/799380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner\u2019s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-24T17:13:12.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cert.org/vuls/id/799380"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-26559",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner\u2019s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/",
                  "refsource": "MISC",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
                },
                {
                  "name": "https://kb.cert.org/vuls/id/799380",
                  "refsource": "MISC",
                  "url": "https://kb.cert.org/vuls/id/799380"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-26559",
        "datePublished": "2021-05-24T17:13:12.000Z",
        "dateReserved": "2020-10-04T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:12:19.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-26558 (GCVE-0-2020-26558)

    Vulnerability from nvd – Published: 2021-05-24 17:22 – Updated: 2025-11-04 19:12
    VLAI
    Summary
    Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:12:18.753Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/799380"
              },
              {
                "name": "FEDORA-2021-a35b44fd9f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html"
              },
              {
                "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
              },
              {
                "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
              },
              {
                "name": "[debian-lts-announce] 20210626 [SECURITY] [DLA 2692-1] bluez security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html"
              },
              {
                "name": "DSA-4951",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4951"
              },
              {
                "name": "GLSA-202209-16",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202209-16"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/799380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-29T16:07:24.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cert.org/vuls/id/799380"
            },
            {
              "name": "FEDORA-2021-a35b44fd9f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html"
            },
            {
              "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
            },
            {
              "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
            },
            {
              "name": "[debian-lts-announce] 20210626 [SECURITY] [DLA 2692-1] bluez security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html"
            },
            {
              "name": "DSA-4951",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4951"
            },
            {
              "name": "GLSA-202209-16",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202209-16"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-26558",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/",
                  "refsource": "MISC",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
                },
                {
                  "name": "https://kb.cert.org/vuls/id/799380",
                  "refsource": "MISC",
                  "url": "https://kb.cert.org/vuls/id/799380"
                },
                {
                  "name": "FEDORA-2021-a35b44fd9f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/"
                },
                {
                  "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
                },
                {
                  "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html"
                },
                {
                  "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
                },
                {
                  "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
                },
                {
                  "name": "[debian-lts-announce] 20210626 [SECURITY] [DLA 2692-1] bluez security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html"
                },
                {
                  "name": "DSA-4951",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4951"
                },
                {
                  "name": "GLSA-202209-16",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202209-16"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-26558",
        "datePublished": "2021-05-24T17:22:16.000Z",
        "dateReserved": "2020-10-04T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:12:18.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-26557 (GCVE-0-2020-26557)

    Vulnerability from nvd – Published: 2021-05-24 17:28 – Updated: 2025-11-04 19:12
    VLAI
    Summary
    Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:12:17.663Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/799380"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/799380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-24T17:28:56.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cert.org/vuls/id/799380"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-26557",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/",
                  "refsource": "MISC",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
                },
                {
                  "name": "https://kb.cert.org/vuls/id/799380",
                  "refsource": "MISC",
                  "url": "https://kb.cert.org/vuls/id/799380"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-26557",
        "datePublished": "2021-05-24T17:28:56.000Z",
        "dateReserved": "2020-10-04T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:12:17.663Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-26556 (GCVE-0-2020-26556)

    Vulnerability from nvd – Published: 2021-05-24 17:34 – Updated: 2024-08-04 15:56
    VLAI
    Summary
    Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.kb.cert.org/vuls/id/799380 third-party-advisoryx_refsource_CERT-VN
    https://www.bluetooth.com/learn-about-bluetooth/k… x_refsource_MISC
    https://kb.cert.org/vuls/id/799380 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:56:04.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#799380",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/799380"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/799380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-29T08:06:17.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#799380",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/799380"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cert.org/vuls/id/799380"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-26556",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#799380",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/799380"
                },
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/",
                  "refsource": "MISC",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
                },
                {
                  "name": "https://kb.cert.org/vuls/id/799380",
                  "refsource": "MISC",
                  "url": "https://kb.cert.org/vuls/id/799380"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-26556",
        "datePublished": "2021-05-24T17:34:58.000Z",
        "dateReserved": "2020-10-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:56:04.887Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-26555 (GCVE-0-2020-26555)

    Vulnerability from nvd – Published: 2021-05-24 17:41 – Updated: 2025-11-04 19:12
    VLAI
    Summary
    Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:12:16.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/799380"
              },
              {
                "name": "FEDORA-2021-a35b44fd9f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/799380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-08T17:06:22.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cert.org/vuls/id/799380"
            },
            {
              "name": "FEDORA-2021-a35b44fd9f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-26555",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/",
                  "refsource": "MISC",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
                },
                {
                  "name": "https://kb.cert.org/vuls/id/799380",
                  "refsource": "MISC",
                  "url": "https://kb.cert.org/vuls/id/799380"
                },
                {
                  "name": "FEDORA-2021-a35b44fd9f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/"
                },
                {
                  "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-26555",
        "datePublished": "2021-05-24T17:41:15.000Z",
        "dateReserved": "2020-10-04T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:12:16.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-15802 (GCVE-0-2020-15802)

    Vulnerability from nvd – Published: 2020-09-11 13:07 – Updated: 2024-08-04 13:30
    VLAI
    Summary
    Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:30:21.685Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/589825"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-13T16:12:48.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kb.cert.org/vuls/id/589825"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-15802",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.kb.cert.org/vuls/id/589825",
                  "refsource": "MISC",
                  "url": "https://www.kb.cert.org/vuls/id/589825"
                },
                {
                  "name": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709",
                  "refsource": "MISC",
                  "url": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709"
                },
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/",
                  "refsource": "CONFIRM",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-15802",
        "datePublished": "2020-09-11T13:07:22.000Z",
        "dateReserved": "2020-07-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:30:21.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24023 (GCVE-0-2023-24023)

    Vulnerability from cvelistv5 – Published: 2023-11-28 00:00 – Updated: 2024-08-02 10:49
    VLAI
    Summary
    Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    bluetooth bluetooth_core_specification Affected: 4.2 , ≤ 5.4 (custom)
        cpe:2.3:a:bluetooth:bluetooth_core_specification:4.2:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:bluetooth:bluetooth_core_specification:4.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bluetooth_core_specification",
                "vendor": "bluetooth",
                "versions": [
                  {
                    "lessThanOrEqual": "5.4",
                    "status": "affected",
                    "version": "4.2",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24023",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T03:55:58.358030Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-01T13:14:49.093Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:49:09.028Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dl.acm.org/doi/10.1145/3576915.3623066"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-28T06:55:49.765Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/"
            },
            {
              "url": "https://dl.acm.org/doi/10.1145/3576915.3623066"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-24023",
        "datePublished": "2023-11-28T00:00:00.000Z",
        "dateReserved": "2023-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-02T10:49:09.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24695 (GCVE-0-2022-24695)

    Vulnerability from cvelistv5 – Published: 2023-06-02 00:00 – Updated: 2025-01-10 18:29
    VLAI
    Summary
    Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-203 - Observable Discrepancy
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:20:50.042Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/specifications/specs/core-specification/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sp2023.ieee-security.org/program-papers.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-24695",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-10T18:29:51.256244Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-203",
                    "description": "CWE-203 Observable Discrepancy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-10T18:29:57.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-02T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.bluetooth.com/specifications/specs/core-specification/"
            },
            {
              "url": "https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM"
            },
            {
              "url": "https://sp2023.ieee-security.org/program-papers.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-24695",
        "datePublished": "2023-06-02T00:00:00.000Z",
        "dateReserved": "2022-02-09T00:00:00.000Z",
        "dateUpdated": "2025-01-10T18:29:57.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25837 (GCVE-0-2022-25837)

    Vulnerability from cvelistv5 – Published: 2022-12-12 00:00 – Updated: 2025-04-22 20:21
    VLAI
    Summary
    Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.634Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-25837",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T20:21:00.675180Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-294",
                    "description": "CWE-294 Authentication Bypass by Capture-replay",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T20:21:36.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth\u00ae Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-12T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-25837",
        "datePublished": "2022-12-12T00:00:00.000Z",
        "dateReserved": "2022-02-24T00:00:00.000Z",
        "dateUpdated": "2025-04-22T20:21:36.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25836 (GCVE-0-2022-25836)

    Vulnerability from cvelistv5 – Published: 2022-12-12 00:00 – Updated: 2025-04-22 20:15
    VLAI
    Summary
    Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:43.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-25836",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T20:14:37.664817Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-294",
                    "description": "CWE-294 Authentication Bypass by Capture-replay",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T20:15:08.966Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth\u00ae Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-12T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-25836",
        "datePublished": "2022-12-12T00:00:00.000Z",
        "dateReserved": "2022-02-24T00:00:00.000Z",
        "dateUpdated": "2025-04-22T20:15:08.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35473 (GCVE-0-2020-35473)

    Vulnerability from cvelistv5 – Published: 2022-11-08 00:00 – Updated: 2025-05-01 17:28
    VLAI
    Summary
    An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:02:08.006Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dl.acm.org/doi/10.1145/3548606.3559372"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-35473",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T17:27:22.791531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-294",
                    "description": "CWE-294 Authentication Bypass by Capture-replay",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T17:28:19.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-08T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://dl.acm.org/doi/10.1145/3548606.3559372"
            },
            {
              "url": "https://www.sigsac.org/ccs/CCS2022/proceedings/ccs-proceedings.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35473",
        "datePublished": "2022-11-08T00:00:00.000Z",
        "dateReserved": "2020-12-16T00:00:00.000Z",
        "dateUpdated": "2025-05-01T17:28:19.414Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31615 (GCVE-0-2021-31615)

    Vulnerability from cvelistv5 – Published: 2021-06-25 11:59 – Updated: 2024-08-03 23:03
    VLAI
    Summary
    Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:03:33.657Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bluetooth.com"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-25T11:59:42.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bluetooth.com"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-31615",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bluetooth.com",
                  "refsource": "MISC",
                  "url": "https://bluetooth.com"
                },
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/",
                  "refsource": "MISC",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-31615",
        "datePublished": "2021-06-25T11:59:42.000Z",
        "dateReserved": "2021-04-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:03:33.657Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-26555 (GCVE-0-2020-26555)

    Vulnerability from cvelistv5 – Published: 2021-05-24 17:41 – Updated: 2025-11-04 19:12
    VLAI
    Summary
    Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:12:16.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/799380"
              },
              {
                "name": "FEDORA-2021-a35b44fd9f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/799380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-08T17:06:22.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cert.org/vuls/id/799380"
            },
            {
              "name": "FEDORA-2021-a35b44fd9f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-26555",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/",
                  "refsource": "MISC",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
                },
                {
                  "name": "https://kb.cert.org/vuls/id/799380",
                  "refsource": "MISC",
                  "url": "https://kb.cert.org/vuls/id/799380"
                },
                {
                  "name": "FEDORA-2021-a35b44fd9f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/"
                },
                {
                  "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-26555",
        "datePublished": "2021-05-24T17:41:15.000Z",
        "dateReserved": "2020-10-04T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:12:16.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-26556 (GCVE-0-2020-26556)

    Vulnerability from cvelistv5 – Published: 2021-05-24 17:34 – Updated: 2024-08-04 15:56
    VLAI
    Summary
    Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.kb.cert.org/vuls/id/799380 third-party-advisoryx_refsource_CERT-VN
    https://www.bluetooth.com/learn-about-bluetooth/k… x_refsource_MISC
    https://kb.cert.org/vuls/id/799380 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:56:04.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#799380",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/799380"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/799380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-29T08:06:17.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#799380",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/799380"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cert.org/vuls/id/799380"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-26556",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#799380",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/799380"
                },
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/",
                  "refsource": "MISC",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
                },
                {
                  "name": "https://kb.cert.org/vuls/id/799380",
                  "refsource": "MISC",
                  "url": "https://kb.cert.org/vuls/id/799380"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-26556",
        "datePublished": "2021-05-24T17:34:58.000Z",
        "dateReserved": "2020-10-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:56:04.887Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-26557 (GCVE-0-2020-26557)

    Vulnerability from cvelistv5 – Published: 2021-05-24 17:28 – Updated: 2025-11-04 19:12
    VLAI
    Summary
    Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:12:17.663Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/799380"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/799380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-24T17:28:56.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cert.org/vuls/id/799380"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-26557",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/",
                  "refsource": "MISC",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
                },
                {
                  "name": "https://kb.cert.org/vuls/id/799380",
                  "refsource": "MISC",
                  "url": "https://kb.cert.org/vuls/id/799380"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-26557",
        "datePublished": "2021-05-24T17:28:56.000Z",
        "dateReserved": "2020-10-04T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:12:17.663Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-26558 (GCVE-0-2020-26558)

    Vulnerability from cvelistv5 – Published: 2021-05-24 17:22 – Updated: 2025-11-04 19:12
    VLAI
    Summary
    Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:12:18.753Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/799380"
              },
              {
                "name": "FEDORA-2021-a35b44fd9f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html"
              },
              {
                "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
              },
              {
                "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
              },
              {
                "name": "[debian-lts-announce] 20210626 [SECURITY] [DLA 2692-1] bluez security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html"
              },
              {
                "name": "DSA-4951",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4951"
              },
              {
                "name": "GLSA-202209-16",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202209-16"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/799380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-29T16:07:24.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cert.org/vuls/id/799380"
            },
            {
              "name": "FEDORA-2021-a35b44fd9f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html"
            },
            {
              "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
            },
            {
              "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
            },
            {
              "name": "[debian-lts-announce] 20210626 [SECURITY] [DLA 2692-1] bluez security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html"
            },
            {
              "name": "DSA-4951",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4951"
            },
            {
              "name": "GLSA-202209-16",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202209-16"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-26558",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/",
                  "refsource": "MISC",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
                },
                {
                  "name": "https://kb.cert.org/vuls/id/799380",
                  "refsource": "MISC",
                  "url": "https://kb.cert.org/vuls/id/799380"
                },
                {
                  "name": "FEDORA-2021-a35b44fd9f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/"
                },
                {
                  "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
                },
                {
                  "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html"
                },
                {
                  "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
                },
                {
                  "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
                },
                {
                  "name": "[debian-lts-announce] 20210626 [SECURITY] [DLA 2692-1] bluez security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html"
                },
                {
                  "name": "DSA-4951",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4951"
                },
                {
                  "name": "GLSA-202209-16",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202209-16"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-26558",
        "datePublished": "2021-05-24T17:22:16.000Z",
        "dateReserved": "2020-10-04T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:12:18.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-26559 (GCVE-0-2020-26559)

    Vulnerability from cvelistv5 – Published: 2021-05-24 17:13 – Updated: 2025-11-04 19:12
    VLAI
    Summary
    Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:12:19.938Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/799380"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/799380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner\u2019s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-24T17:13:12.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cert.org/vuls/id/799380"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-26559",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner\u2019s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/",
                  "refsource": "MISC",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
                },
                {
                  "name": "https://kb.cert.org/vuls/id/799380",
                  "refsource": "MISC",
                  "url": "https://kb.cert.org/vuls/id/799380"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-26559",
        "datePublished": "2021-05-24T17:13:12.000Z",
        "dateReserved": "2020-10-04T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:12:19.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-26560 (GCVE-0-2020-26560)

    Vulnerability from cvelistv5 – Published: 2021-05-24 17:06 – Updated: 2025-11-04 19:12
    VLAI
    Summary
    Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:12:21.032Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/799380"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/799380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-24T17:06:57.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cert.org/vuls/id/799380"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-26560",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/",
                  "refsource": "MISC",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
                },
                {
                  "name": "https://kb.cert.org/vuls/id/799380",
                  "refsource": "MISC",
                  "url": "https://kb.cert.org/vuls/id/799380"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-26560",
        "datePublished": "2021-05-24T17:06:57.000Z",
        "dateReserved": "2020-10-04T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:12:21.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-15802 (GCVE-0-2020-15802)

    Vulnerability from cvelistv5 – Published: 2020-09-11 13:07 – Updated: 2024-08-04 13:30
    VLAI
    Summary
    Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:30:21.685Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/589825"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-13T16:12:48.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kb.cert.org/vuls/id/589825"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-15802",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.kb.cert.org/vuls/id/589825",
                  "refsource": "MISC",
                  "url": "https://www.kb.cert.org/vuls/id/589825"
                },
                {
                  "name": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709",
                  "refsource": "MISC",
                  "url": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709"
                },
                {
                  "name": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/",
                  "refsource": "CONFIRM",
                  "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-15802",
        "datePublished": "2020-09-11T13:07:22.000Z",
        "dateReserved": "2020-07-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:30:21.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }