VAR-202105-0146
Vulnerability from variot - Updated: 2026-03-05 21:09

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing.

CVE-2020-26556: Not Affected. Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable.
CVE-2020-26555: Affected. Vendor Statement: Android has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin.
CVE-2020-26557: Not Affected. Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable.
CVE-2020-26558: Affected. Vendor Statement: Android has reviewed this report and assessed this vulnerability as having impact on Android OS. We will be issuing a patch for this vulnerability in an upcoming Android security bulletin.
CVE-2020-26559: Not Affected. Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable.
CVE-2020-26560: Not Affected. Vendor Statement: Android does not support Bluetooth Mesh so is not vulnerable.
VU#799380.5: Affected. Vendor Statement: Our assessment of this report is that it is of negligible security impact on Android.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202209-16
https://security.gentoo.org/
Severity: High
Title: BlueZ: Multiple Vulnerabilities
Date: September 29, 2022
Bugs: #797712, #835077
ID: 202209-16
Synopsis
Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution.
Background
BlueZ is the canonical bluetooth tools and system daemons package for Linux.
Affected packages
-------------------------------------------------------------------
     Package             /   Vulnerable   /   Unaffected
-------------------------------------------------------------------
  1  net-wireless/bluez      < 5.63           >= 5.63
Description
Multiple vulnerabilities have been discovered in BlueZ. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All BlueZ users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.63"
References
[ 1 ] CVE-2020-26558 https://nvd.nist.gov/vuln/detail/CVE-2020-26558
[ 2 ] CVE-2021-0129 https://nvd.nist.gov/vuln/detail/CVE-2021-0129
[ 3 ] CVE-2021-3588 https://nvd.nist.gov/vuln/detail/CVE-2021-3588
[ 4 ] CVE-2022-0204 https://nvd.nist.gov/vuln/detail/CVE-2022-0204
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202209-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: bluez security update
Advisory ID: RHSA-2021:4432-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4432
Issue date: 2021-11-09
CVE Names: CVE-2020-26558
====================================================================
1. Summary:
An update for bluez is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files.
Security Fix(es):
- bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack (CVE-2020-26558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
aarch64: bluez-cups-5.56-1.el8.aarch64.rpm bluez-cups-debuginfo-5.56-1.el8.aarch64.rpm bluez-debuginfo-5.56-1.el8.aarch64.rpm bluez-debugsource-5.56-1.el8.aarch64.rpm bluez-hid2hci-debuginfo-5.56-1.el8.aarch64.rpm bluez-libs-debuginfo-5.56-1.el8.aarch64.rpm bluez-obexd-debuginfo-5.56-1.el8.aarch64.rpm
ppc64le: bluez-cups-5.56-1.el8.ppc64le.rpm bluez-cups-debuginfo-5.56-1.el8.ppc64le.rpm bluez-debuginfo-5.56-1.el8.ppc64le.rpm bluez-debugsource-5.56-1.el8.ppc64le.rpm bluez-hid2hci-debuginfo-5.56-1.el8.ppc64le.rpm bluez-libs-debuginfo-5.56-1.el8.ppc64le.rpm bluez-obexd-debuginfo-5.56-1.el8.ppc64le.rpm
s390x: bluez-cups-5.56-1.el8.s390x.rpm bluez-cups-debuginfo-5.56-1.el8.s390x.rpm bluez-debuginfo-5.56-1.el8.s390x.rpm bluez-debugsource-5.56-1.el8.s390x.rpm bluez-hid2hci-debuginfo-5.56-1.el8.s390x.rpm bluez-libs-debuginfo-5.56-1.el8.s390x.rpm bluez-obexd-debuginfo-5.56-1.el8.s390x.rpm
x86_64: bluez-cups-5.56-1.el8.x86_64.rpm bluez-cups-debuginfo-5.56-1.el8.x86_64.rpm bluez-debuginfo-5.56-1.el8.x86_64.rpm bluez-debugsource-5.56-1.el8.x86_64.rpm bluez-hid2hci-debuginfo-5.56-1.el8.x86_64.rpm bluez-libs-debuginfo-5.56-1.el8.x86_64.rpm bluez-obexd-debuginfo-5.56-1.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: bluez-5.56-1.el8.src.rpm
aarch64: bluez-5.56-1.el8.aarch64.rpm bluez-cups-debuginfo-5.56-1.el8.aarch64.rpm bluez-debuginfo-5.56-1.el8.aarch64.rpm bluez-debugsource-5.56-1.el8.aarch64.rpm bluez-hid2hci-5.56-1.el8.aarch64.rpm bluez-hid2hci-debuginfo-5.56-1.el8.aarch64.rpm bluez-libs-5.56-1.el8.aarch64.rpm bluez-libs-debuginfo-5.56-1.el8.aarch64.rpm bluez-obexd-5.56-1.el8.aarch64.rpm bluez-obexd-debuginfo-5.56-1.el8.aarch64.rpm
ppc64le: bluez-5.56-1.el8.ppc64le.rpm bluez-cups-debuginfo-5.56-1.el8.ppc64le.rpm bluez-debuginfo-5.56-1.el8.ppc64le.rpm bluez-debugsource-5.56-1.el8.ppc64le.rpm bluez-hid2hci-5.56-1.el8.ppc64le.rpm bluez-hid2hci-debuginfo-5.56-1.el8.ppc64le.rpm bluez-libs-5.56-1.el8.ppc64le.rpm bluez-libs-debuginfo-5.56-1.el8.ppc64le.rpm bluez-obexd-5.56-1.el8.ppc64le.rpm bluez-obexd-debuginfo-5.56-1.el8.ppc64le.rpm
s390x: bluez-5.56-1.el8.s390x.rpm bluez-cups-debuginfo-5.56-1.el8.s390x.rpm bluez-debuginfo-5.56-1.el8.s390x.rpm bluez-debugsource-5.56-1.el8.s390x.rpm bluez-hid2hci-5.56-1.el8.s390x.rpm bluez-hid2hci-debuginfo-5.56-1.el8.s390x.rpm bluez-libs-5.56-1.el8.s390x.rpm bluez-libs-debuginfo-5.56-1.el8.s390x.rpm bluez-obexd-5.56-1.el8.s390x.rpm bluez-obexd-debuginfo-5.56-1.el8.s390x.rpm
x86_64: bluez-5.56-1.el8.x86_64.rpm bluez-cups-debuginfo-5.56-1.el8.i686.rpm bluez-cups-debuginfo-5.56-1.el8.x86_64.rpm bluez-debuginfo-5.56-1.el8.i686.rpm bluez-debuginfo-5.56-1.el8.x86_64.rpm bluez-debugsource-5.56-1.el8.i686.rpm bluez-debugsource-5.56-1.el8.x86_64.rpm bluez-hid2hci-5.56-1.el8.x86_64.rpm bluez-hid2hci-debuginfo-5.56-1.el8.i686.rpm bluez-hid2hci-debuginfo-5.56-1.el8.x86_64.rpm bluez-libs-5.56-1.el8.i686.rpm bluez-libs-5.56-1.el8.x86_64.rpm bluez-libs-debuginfo-5.56-1.el8.i686.rpm bluez-libs-debuginfo-5.56-1.el8.x86_64.rpm bluez-obexd-5.56-1.el8.x86_64.rpm bluez-obexd-debuginfo-5.56-1.el8.i686.rpm bluez-obexd-debuginfo-5.56-1.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64: bluez-cups-debuginfo-5.56-1.el8.aarch64.rpm bluez-debuginfo-5.56-1.el8.aarch64.rpm bluez-debugsource-5.56-1.el8.aarch64.rpm bluez-hid2hci-debuginfo-5.56-1.el8.aarch64.rpm bluez-libs-debuginfo-5.56-1.el8.aarch64.rpm bluez-libs-devel-5.56-1.el8.aarch64.rpm bluez-obexd-debuginfo-5.56-1.el8.aarch64.rpm
ppc64le: bluez-cups-debuginfo-5.56-1.el8.ppc64le.rpm bluez-debuginfo-5.56-1.el8.ppc64le.rpm bluez-debugsource-5.56-1.el8.ppc64le.rpm bluez-hid2hci-debuginfo-5.56-1.el8.ppc64le.rpm bluez-libs-debuginfo-5.56-1.el8.ppc64le.rpm bluez-libs-devel-5.56-1.el8.ppc64le.rpm bluez-obexd-debuginfo-5.56-1.el8.ppc64le.rpm
s390x: bluez-cups-debuginfo-5.56-1.el8.s390x.rpm bluez-debuginfo-5.56-1.el8.s390x.rpm bluez-debugsource-5.56-1.el8.s390x.rpm bluez-hid2hci-debuginfo-5.56-1.el8.s390x.rpm bluez-libs-debuginfo-5.56-1.el8.s390x.rpm bluez-libs-devel-5.56-1.el8.s390x.rpm bluez-obexd-debuginfo-5.56-1.el8.s390x.rpm
x86_64: bluez-cups-debuginfo-5.56-1.el8.i686.rpm bluez-cups-debuginfo-5.56-1.el8.x86_64.rpm bluez-debuginfo-5.56-1.el8.i686.rpm bluez-debuginfo-5.56-1.el8.x86_64.rpm bluez-debugsource-5.56-1.el8.i686.rpm bluez-debugsource-5.56-1.el8.x86_64.rpm bluez-hid2hci-debuginfo-5.56-1.el8.i686.rpm bluez-hid2hci-debuginfo-5.56-1.el8.x86_64.rpm bluez-libs-debuginfo-5.56-1.el8.i686.rpm bluez-libs-debuginfo-5.56-1.el8.x86_64.rpm bluez-libs-devel-5.56-1.el8.i686.rpm bluez-libs-devel-5.56-1.el8.x86_64.rpm bluez-obexd-debuginfo-5.56-1.el8.i686.rpm bluez-obexd-debuginfo-5.56-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
Original advisory details:
It was discovered that BlueZ incorrectly checked certain permissions when pairing. (CVE-2020-26558)
Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events.

==========================================================================
Ubuntu Security Notice USN-5018-1
July 20, 2021

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909)
Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33200)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. (CVE-2020-24586)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use this issue to decrypt fragments. (CVE-2020-24587)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147)
It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)
Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134)
Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-31829)
It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399)
It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS:
  linux-image-4.15.0-1078-oracle        4.15.0-1078.86
  linux-image-4.15.0-1092-raspi2        4.15.0-1092.98
  linux-image-4.15.0-1097-kvm           4.15.0-1097.99
  linux-image-4.15.0-1106-gcp           4.15.0-1106.120
  linux-image-4.15.0-1109-aws           4.15.0-1109.116
  linux-image-4.15.0-1109-snapdragon    4.15.0-1109.118
  linux-image-4.15.0-1121-azure         4.15.0-1121.134
  linux-image-4.15.0-151-generic        4.15.0-151.157
  linux-image-4.15.0-151-generic-lpae   4.15.0-151.157
  linux-image-4.15.0-151-lowlatency     4.15.0-151.157
  linux-image-aws-lts-18.04             4.15.0.1109.112
  linux-image-azure-lts-18.04           4.15.0.1121.94
  linux-image-gcp-lts-18.04             4.15.0.1106.125
  linux-image-generic                   4.15.0.151.139
  linux-image-generic-lpae              4.15.0.151.139
  linux-image-kvm                       4.15.0.1097.93
  linux-image-lowlatency                4.15.0.151.139
  linux-image-oracle-lts-18.04          4.15.0.1078.88
  linux-image-raspi2                    4.15.0.1092.90
  linux-image-snapdragon                4.15.0.1109.112
  linux-image-virtual                   4.15.0.151.139

Ubuntu 16.04 ESM:
  linux-image-4.15.0-1078-oracle        4.15.0-1078.86~16.04.1
  linux-image-4.15.0-1106-gcp           4.15.0-1106.120~16.04.1
  linux-image-4.15.0-1109-aws           4.15.0-1109.116~16.04.1
  linux-image-4.15.0-1121-azure         4.15.0-1121.134~16.04.1
  linux-image-4.15.0-151-generic        4.15.0-151.157~16.04.1
  linux-image-4.15.0-151-lowlatency     4.15.0-151.157~16.04.1
  linux-image-aws-hwe                   4.15.0.1109.100
  linux-image-azure                     4.15.0.1121.112
  linux-image-gcp                       4.15.0.1106.107
  linux-image-generic-hwe-16.04         4.15.0.151.146
  linux-image-gke                       4.15.0.1106.107
  linux-image-lowlatency-hwe-16.04      4.15.0.151.146
  linux-image-oem                       4.15.0.151.146
  linux-image-oracle                    4.15.0.1078.66
  linux-image-virtual-hwe-16.04         4.15.0.151.146

Ubuntu 14.04 ESM:
  linux-image-4.15.0-1121-azure         4.15.0-1121.134~14.04.1
  linux-image-azure                     4.15.0.1121.94
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References:
  https://ubuntu.com/security/notices/USN-5018-1
  CVE-2020-24586, CVE-2020-24587, CVE-2020-26139, CVE-2020-26147, CVE-2020-26558, CVE-2021-0129, CVE-2021-23134, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-33909
Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.15.0-151.157
  https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1109.116
  https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1121.134
  https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1106.120
  https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1097.99
  https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1078.86
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1092.98
  https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1109.118

(CVE-2020-26558, CVE-2021-0129)
Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0146",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac 3165",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ax200",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.13"
},
{
"model": "core specification",
"scope": "lte",
"trust": 1.0,
"vendor": "bluetooth",
"version": "5.2"
},
{
"model": "ac 9260",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ac 3168",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ac 7265",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ax210",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ac 9462",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ax201",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ac 8260",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ac 1550",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core specification",
"scope": "gte",
"trust": 1.0,
"vendor": "bluetooth",
"version": "2.1"
},
{
"model": "ac 9560",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ac 8265",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ax1675",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "ac 9461",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ax1650",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26558"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Madison Oliver.Statement Date:\u00a0\u00a0 February 22, 2021",
"sources": [
{
"db": "CERT/CC",
"id": "VU#799380"
}
],
"trust": 0.8
},
"cve": "CVE-2020-26558",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2020-26558",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"id": "CVE-2020-26558",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-26558",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1503",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-26558",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-26558"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1503"
},
{
"db": "NVD",
"id": "CVE-2020-26558"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing.CVE- 2020-26556 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26555 Affected\nVendor Statement:\nAndroid has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin. \nCVE-2020-26557 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26558 Affected\nVendor Statement:\nAndroid has reviewed this report and assessed this vulnerability as having impact on Android OS. We will be issuing a patch for this vulnerability in an upcoming Android security bulletin. \nCVE-2020-26559 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26560 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nVU#799380.5 Affected\nVendor Statement:\nOur assessment of this report is that it is of negligible security impact on Android.CVE- 2020-26556 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. 
\nCVE-2020-26555 Affected\nVendor Statement:\nAndroid has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin. \nCVE-2020-26557 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26558 Affected\nVendor Statement:\nAndroid has reviewed this report and assessed this vulnerability as having impact on Android OS. We will be issuing a patch for this vulnerability in an upcoming Android security bulletin. \nCVE-2020-26559 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nCVE-2020-26560 Not Affected\nVendor Statement:\nAndroid does not support Bluetooth Mesh so is not vulnerable. \nVU#799380.5 Affected\nVendor Statement:\nOur assessment of this report is that it is of negligible security impact on Android. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202209-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: BlueZ: Multiple Vulnerabilities\n Date: September 29, 2022\n Bugs: #797712, #835077\n ID: 202209-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in BlueZ, the worst of\nwhich could result in arbitrary code execution. \n\nBackground\n==========\n\nBlueZ is the canonical bluetooth tools and system daemons package for\nLinux. 
\n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-wireless/bluez \u003c 5.63 \u003e= 5.63\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in BlueZ. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll BlueZ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-wireless/bluez-5.63\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-26558\n https://nvd.nist.gov/vuln/detail/CVE-2020-26558\n[ 2 ] CVE-2021-0129\n https://nvd.nist.gov/vuln/detail/CVE-2021-0129\n[ 3 ] CVE-2021-3588\n https://nvd.nist.gov/vuln/detail/CVE-2021-3588\n[ 4 ] CVE-2022-0204\n https://nvd.nist.gov/vuln/detail/CVE-2022-0204\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: bluez security update\nAdvisory ID: RHSA-2021:4432-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4432\nIssue date: 2021-11-09\nCVE Names: CVE-2020-26558\n====================================================================\n1. Summary:\n\nAn update for bluez is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe bluez packages contain the following utilities for use in Bluetooth\napplications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start\nscripts (Red Hat), and pcmcia configuration files. \n\nSecurity Fix(es):\n\n* bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an\nimpersonation attack (CVE-2020-26558)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\naarch64:\nbluez-cups-5.56-1.el8.aarch64.rpm\nbluez-cups-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-debugsource-5.56-1.el8.aarch64.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-libs-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-obexd-debuginfo-5.56-1.el8.aarch64.rpm\n\nppc64le:\nbluez-cups-5.56-1.el8.ppc64le.rpm\nbluez-cups-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-debugsource-5.56-1.el8.ppc64le.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-libs-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-obexd-debuginfo-5.56-1.el8.ppc64le.rpm\n\ns390x:\nbluez-cups-5.56-1.el8.s390x.rpm\nbluez-cups-debuginfo-5.56-1.el8.s390x.rpm\nbluez-debuginfo-5.56-1.el8.s390x.rpm\nbluez-debugsource-5.56-1.el8.s390x.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.s390x.rpm\nbluez-libs-debuginfo-5.56-1.el8.s390x.rpm\nbluez-obexd-debuginfo-5.56-1.el8.s390x.rpm\n\nx86_64:\nbluez-cups-5.56-1.el8.x86_64.rpm\nbluez-cups-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-debugsource-5.56-1.el8.x86_64.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-libs-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-obexd-debuginfo-5.56-1.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 
8):\n\nSource:\nbluez-5.56-1.el8.src.rpm\n\naarch64:\nbluez-5.56-1.el8.aarch64.rpm\nbluez-cups-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-debugsource-5.56-1.el8.aarch64.rpm\nbluez-hid2hci-5.56-1.el8.aarch64.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-libs-5.56-1.el8.aarch64.rpm\nbluez-libs-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-obexd-5.56-1.el8.aarch64.rpm\nbluez-obexd-debuginfo-5.56-1.el8.aarch64.rpm\n\nppc64le:\nbluez-5.56-1.el8.ppc64le.rpm\nbluez-cups-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-debugsource-5.56-1.el8.ppc64le.rpm\nbluez-hid2hci-5.56-1.el8.ppc64le.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-libs-5.56-1.el8.ppc64le.rpm\nbluez-libs-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-obexd-5.56-1.el8.ppc64le.rpm\nbluez-obexd-debuginfo-5.56-1.el8.ppc64le.rpm\n\ns390x:\nbluez-5.56-1.el8.s390x.rpm\nbluez-cups-debuginfo-5.56-1.el8.s390x.rpm\nbluez-debuginfo-5.56-1.el8.s390x.rpm\nbluez-debugsource-5.56-1.el8.s390x.rpm\nbluez-hid2hci-5.56-1.el8.s390x.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.s390x.rpm\nbluez-libs-5.56-1.el8.s390x.rpm\nbluez-libs-debuginfo-5.56-1.el8.s390x.rpm\nbluez-obexd-5.56-1.el8.s390x.rpm\nbluez-obexd-debuginfo-5.56-1.el8.s390x.rpm\n\nx86_64:\nbluez-5.56-1.el8.x86_64.rpm\nbluez-cups-debuginfo-5.56-1.el8.i686.rpm\nbluez-cups-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-debuginfo-5.56-1.el8.i686.rpm\nbluez-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-debugsource-5.56-1.el8.i686.rpm\nbluez-debugsource-5.56-1.el8.x86_64.rpm\nbluez-hid2hci-5.56-1.el8.x86_64.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.i686.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-libs-5.56-1.el8.i686.rpm\nbluez-libs-5.56-1.el8.x86_64.rpm\nbluez-libs-debuginfo-5.56-1.el8.i686.rpm\nbluez-libs-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-obexd-5.56-1.el8.x86_64.rpm\nbluez-obexd-debuginfo-5.56-1.el8.i686.rpm\nbluez-obexd-debuginfo-5.56-1.el8.x86_64.rpm\n\nRed Hat Enterprise Linux CRB (v. 
8):\n\naarch64:\nbluez-cups-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-debugsource-5.56-1.el8.aarch64.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-libs-debuginfo-5.56-1.el8.aarch64.rpm\nbluez-libs-devel-5.56-1.el8.aarch64.rpm\nbluez-obexd-debuginfo-5.56-1.el8.aarch64.rpm\n\nppc64le:\nbluez-cups-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-debugsource-5.56-1.el8.ppc64le.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-libs-debuginfo-5.56-1.el8.ppc64le.rpm\nbluez-libs-devel-5.56-1.el8.ppc64le.rpm\nbluez-obexd-debuginfo-5.56-1.el8.ppc64le.rpm\n\ns390x:\nbluez-cups-debuginfo-5.56-1.el8.s390x.rpm\nbluez-debuginfo-5.56-1.el8.s390x.rpm\nbluez-debugsource-5.56-1.el8.s390x.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.s390x.rpm\nbluez-libs-debuginfo-5.56-1.el8.s390x.rpm\nbluez-libs-devel-5.56-1.el8.s390x.rpm\nbluez-obexd-debuginfo-5.56-1.el8.s390x.rpm\n\nx86_64:\nbluez-cups-debuginfo-5.56-1.el8.i686.rpm\nbluez-cups-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-debuginfo-5.56-1.el8.i686.rpm\nbluez-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-debugsource-5.56-1.el8.i686.rpm\nbluez-debugsource-5.56-1.el8.x86_64.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.i686.rpm\nbluez-hid2hci-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-libs-debuginfo-5.56-1.el8.i686.rpm\nbluez-libs-debuginfo-5.56-1.el8.x86_64.rpm\nbluez-libs-devel-5.56-1.el8.i686.rpm\nbluez-libs-devel-5.56-1.el8.x86_64.rpm\nbluez-obexd-debuginfo-5.56-1.el8.i686.rpm\nbluez-obexd-debuginfo-5.56-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nOriginal advisory details:\n\n It was discovered that BlueZ incorrectly checked certain permissions when\n pairing. (CVE-2020-26558)\n\n Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT\n events. ==========================================================================\nUbuntu Security Notice USN-5018-1\nJuly 20, 2021\n\nlinux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp,\nlinux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2,\nlinux-snapdragon vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. 
\n\nSoftware Description:\n- linux: Linux kernel\n- linux-aws: Linux kernel for Amazon Web Services (AWS) systems\n- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems\n- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems\n- linux-kvm: Linux kernel for cloud environments\n- linux-oracle: Linux kernel for Oracle Cloud systems\n- linux-raspi2: Linux kernel for Raspberry Pi (V8) systems\n- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors\n- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems\n- linux-azure: Linux kernel for Microsoft Azure Cloud systems\n- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems\n- linux-hwe: Linux hardware enablement (HWE) kernel\n\nDetails:\n\nIt was discovered that the virtual file system implementation in the Linux\nkernel contained an unsigned to signed integer conversion error. A local\nattacker could use this to cause a denial of service (system crash) or\nexecute arbitrary code. (CVE-2021-33909)\n\nPiotr Krysiuk discovered that the eBPF implementation in the Linux kernel\ndid not properly enforce limits for pointer operations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2021-33200)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation did\nnot properly clear received fragments from memory in some situations. A\nphysically proximate attacker could possibly use this issue to inject\npackets or expose sensitive information. (CVE-2020-24586)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation\nincorrectly handled encrypted fragments. A physically proximate attacker\ncould possibly use this issue to decrypt fragments. (CVE-2020-24587)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation\nincorrectly handled EAPOL frames from unauthenticated senders. 
A physically\nproximate attacker could inject malicious packets to cause a denial of\nservice (system crash). (CVE-2020-26139)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation could\nreassemble mixed encrypted and plaintext fragments. A physically proximate\nattacker could possibly use this issue to inject packets or exfiltrate\nselected fragments. (CVE-2020-26147)\n\nIt was discovered that the bluetooth subsystem in the Linux kernel did not\nproperly perform access control. An authenticated attacker could possibly\nuse this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)\n\nOr Cohen and Nadav Markus discovered a use-after-free vulnerability in the\nnfc implementation in the Linux kernel. A privileged local attacker could\nuse this issue to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2021-23134)\n\nPiotr Krysiuk discovered that the eBPF implementation in the Linux kernel\ndid not properly prevent speculative loads in certain situations. A local\nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2021-31829)\n\nIt was discovered that a race condition in the kernel Bluetooth subsystem\ncould lead to use-after-free of slab objects. An attacker could use this\nissue to possibly execute arbitrary code. (CVE-2021-32399)\n\nIt was discovered that a use-after-free existed in the Bluetooth HCI driver\nof the Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. 
(CVE-2021-33034)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n linux-image-4.15.0-1078-oracle 4.15.0-1078.86\n linux-image-4.15.0-1092-raspi2 4.15.0-1092.98\n linux-image-4.15.0-1097-kvm 4.15.0-1097.99\n linux-image-4.15.0-1106-gcp 4.15.0-1106.120\n linux-image-4.15.0-1109-aws 4.15.0-1109.116\n linux-image-4.15.0-1109-snapdragon 4.15.0-1109.118\n linux-image-4.15.0-1121-azure 4.15.0-1121.134\n linux-image-4.15.0-151-generic 4.15.0-151.157\n linux-image-4.15.0-151-generic-lpae 4.15.0-151.157\n linux-image-4.15.0-151-lowlatency 4.15.0-151.157\n linux-image-aws-lts-18.04 4.15.0.1109.112\n linux-image-azure-lts-18.04 4.15.0.1121.94\n linux-image-gcp-lts-18.04 4.15.0.1106.125\n linux-image-generic 4.15.0.151.139\n linux-image-generic-lpae 4.15.0.151.139\n linux-image-kvm 4.15.0.1097.93\n linux-image-lowlatency 4.15.0.151.139\n linux-image-oracle-lts-18.04 4.15.0.1078.88\n linux-image-raspi2 4.15.0.1092.90\n linux-image-snapdragon 4.15.0.1109.112\n linux-image-virtual 4.15.0.151.139\n\nUbuntu 16.04 ESM:\n linux-image-4.15.0-1078-oracle 4.15.0-1078.86~16.04.1\n linux-image-4.15.0-1106-gcp 4.15.0-1106.120~16.04.1\n linux-image-4.15.0-1109-aws 4.15.0-1109.116~16.04.1\n linux-image-4.15.0-1121-azure 4.15.0-1121.134~16.04.1\n linux-image-4.15.0-151-generic 4.15.0-151.157~16.04.1\n linux-image-4.15.0-151-lowlatency 4.15.0-151.157~16.04.1\n linux-image-aws-hwe 4.15.0.1109.100\n linux-image-azure 4.15.0.1121.112\n linux-image-gcp 4.15.0.1106.107\n linux-image-generic-hwe-16.04 4.15.0.151.146\n linux-image-gke 4.15.0.1106.107\n linux-image-lowlatency-hwe-16.04 4.15.0.151.146\n linux-image-oem 4.15.0.151.146\n linux-image-oracle 4.15.0.1078.66\n linux-image-virtual-hwe-16.04 4.15.0.151.146\n\nUbuntu 14.04 ESM:\n linux-image-4.15.0-1121-azure 4.15.0-1121.134~14.04.1\n linux-image-azure 4.15.0.1121.94\n\nAfter a standard system update you need to reboot your computer to make\nall the 
necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5018-1\n CVE-2020-24586, CVE-2020-24587, CVE-2020-26139, CVE-2020-26147,\n CVE-2020-26558, CVE-2021-0129, CVE-2021-23134, CVE-2021-31829,\n CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-33909\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux/4.15.0-151.157\n https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1109.116\n https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1121.134\n https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1106.120\n https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1097.99\n https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1078.86\n https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1092.98\n https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1109.118\n. (CVE-2020-26558, CVE-2021-0129)\n\nMichael Brown discovered that the Xen netback driver in the Linux kernel\ndid not properly handle malformed packets from a network PV frontend,\nleading to a use-after-free vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26558"
},
{
"db": "CERT/CC",
"id": "VU#799380"
},
{
"db": "VULMON",
"id": "CVE-2020-26558"
},
{
"db": "PACKETSTORM",
"id": "168567"
},
{
"db": "PACKETSTORM",
"id": "164844"
},
{
"db": "PACKETSTORM",
"id": "163186"
},
{
"db": "PACKETSTORM",
"id": "163598"
},
{
"db": "PACKETSTORM",
"id": "163599"
},
{
"db": "PACKETSTORM",
"id": "163905"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-26558",
"trust": 3.2
},
{
"db": "CERT/CC",
"id": "VU#799380",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "168567",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164844",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163598",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163905",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.2860",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2350",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2805",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2256",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1225",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2453",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2662",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1976",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1999",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5284",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2368",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2145",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2409",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3754",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2290",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2248",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163877",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163184",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166417",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052614",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062109",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021070408",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060801",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021080805",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021111135",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-51734",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1503",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-26558",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163186",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163599",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#799380"
},
{
"db": "VULMON",
"id": "CVE-2020-26558"
},
{
"db": "PACKETSTORM",
"id": "168567"
},
{
"db": "PACKETSTORM",
"id": "164844"
},
{
"db": "PACKETSTORM",
"id": "163186"
},
{
"db": "PACKETSTORM",
"id": "163598"
},
{
"db": "PACKETSTORM",
"id": "163599"
},
{
"db": "PACKETSTORM",
"id": "163905"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1503"
},
{
"db": "NVD",
"id": "CVE-2020-26558"
}
]
},
"id": "VAR-202105-0146",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"network device"
],
"sub_category": "bluetooth device",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2026-03-05T21:09:33.658000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bluetooth Core Specification Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=152684"
},
{
"title": "Red Hat: CVE-2020-26558",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2020-26558"
},
{
"title": "Debian CVElist Bug Report Logs: bluez: CVE-2021-0129 CVE-2020-26558",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=0634986a83e749d947f670c2c6fc6f8a"
},
{
"title": "Debian Security Advisories: DSA-4951-1 bluez -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=022b2816062a8ca433d97ca2e73731f3"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-26558 log"
},
{
"title": "CVE-2020-26558",
"trust": 0.1,
"url": "https://github.com/AlAIAL90/CVE-2020-26558 "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/bluetooth-flaws-allow-attackers-to-impersonate-legitimate-devices/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-26558"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1503"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26558"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.cert.org/vuls/id/799380"
},
{
"trust": 1.7,
"url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202209-16"
},
{
"trust": 1.6,
"url": "https://www.debian.org/security/2021/dsa-4951"
},
{
"trust": 1.0,
"url": "https://www.kb.cert.org/vuls/id/799380"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nss6ctge4ugtjlcozoasdr3t3sll6qjz/"
},
{
"trust": 0.8,
"url": "cve- 2020-26556 "
},
{
"trust": 0.8,
"url": "cve-2020-26555 "
},
{
"trust": 0.8,
"url": "cve-2020-26557 "
},
{
"trust": 0.8,
"url": "cve-2020-26558 "
},
{
"trust": 0.8,
"url": "cve-2020-26559 "
},
{
"trust": 0.8,
"url": "cve-2020-26560 "
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nss6ctge4ugtjlcozoasdr3t3sll6qjz/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26558"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168567/gentoo-linux-security-advisory-202209-16.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021111135"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052614"
},
{
"trust": 0.6,
"url": "https://source.android.com/security/bulletin/2021-06-01"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080805"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164844/red-hat-security-advisory-2021-4432-03.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2368"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3754"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5284"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2145"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2662"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2860"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163877/ubuntu-security-notice-usn-5046-1.html"
},
{
"trust": 0.6,
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2021-bulletin"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1225"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060801"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1976"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062109"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2248"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2409"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2805"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1999"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021070408"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166417/ubuntu-security-notice-usn-5343-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163184/ubuntu-security-notice-usn-4989-1.html"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202107-0000001170634565"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2350"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163905/ubuntu-security-notice-usn-5050-1.html"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-51734"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/bluetooth-privilege-escalation-via-passkey-entry-impersonation-35544"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2256"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2453"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2290"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163598/ubuntu-security-notice-usn-5017-1.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26558"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33909"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2020-26558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0204"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3588"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4432"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4989-2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27153"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4989-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1021.22"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1049.53~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1049.53"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1052.56~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1041.45"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1044.46"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5017-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1049.52~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-80.90~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1054.57~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1055.57"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1052.56"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1049.52"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1055.57~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1054.57"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.4.0-80.90"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1021.22~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1041.45~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-151.157"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1097.99"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1078.86"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1106.120"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26147"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33200"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5018-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24586"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1109.116"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1092.98"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1121.134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24587"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31829"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1109.118"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26139"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5050-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28691"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-5.8/5.8.0-1042.44~20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.8/5.8.0-1038.39~20.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3564"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.8/5.8.0-1039.41"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3573"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38208"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-5.8/5.8.0-1040.43~20.04.1"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#799380"
},
{
"db": "VULMON",
"id": "CVE-2020-26558"
},
{
"db": "PACKETSTORM",
"id": "168567"
},
{
"db": "PACKETSTORM",
"id": "164844"
},
{
"db": "PACKETSTORM",
"id": "163186"
},
{
"db": "PACKETSTORM",
"id": "163598"
},
{
"db": "PACKETSTORM",
"id": "163599"
},
{
"db": "PACKETSTORM",
"id": "163905"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1503"
},
{
"db": "NVD",
"id": "CVE-2020-26558"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#799380"
},
{
"db": "VULMON",
"id": "CVE-2020-26558"
},
{
"db": "PACKETSTORM",
"id": "168567"
},
{
"db": "PACKETSTORM",
"id": "164844"
},
{
"db": "PACKETSTORM",
"id": "163186"
},
{
"db": "PACKETSTORM",
"id": "163598"
},
{
"db": "PACKETSTORM",
"id": "163599"
},
{
"db": "PACKETSTORM",
"id": "163905"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1503"
},
{
"db": "NVD",
"id": "CVE-2020-26558"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-24T00:00:00",
"db": "CERT/CC",
"id": "VU#799380"
},
{
"date": "2021-05-24T00:00:00",
"db": "VULMON",
"id": "CVE-2020-26558"
},
{
"date": "2022-09-30T14:52:58",
"db": "PACKETSTORM",
"id": "168567"
},
{
"date": "2021-11-10T17:05:47",
"db": "PACKETSTORM",
"id": "164844"
},
{
"date": "2021-06-17T17:49:44",
"db": "PACKETSTORM",
"id": "163186"
},
{
"date": "2021-07-21T16:04:36",
"db": "PACKETSTORM",
"id": "163598"
},
{
"date": "2021-07-21T16:04:42",
"db": "PACKETSTORM",
"id": "163599"
},
{
"date": "2021-08-24T15:17:06",
"db": "PACKETSTORM",
"id": "163905"
},
{
"date": "2021-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1503"
},
{
"date": "2021-05-24T18:15:07.930000",
"db": "NVD",
"id": "CVE-2020-26558"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CERT/CC",
"id": "VU#799380"
},
{
"date": "2021-08-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-26558"
},
{
"date": "2022-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1503"
},
{
"date": "2025-11-04T20:15:58.053000",
"db": "NVD",
"id": "CVE-2020-26558"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1503"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure",
"sources": [
{
"db": "CERT/CC",
"id": "VU#799380"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1503"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.