Bug 1918601 (CVE-2020-26555) - CVE-2020-26555 kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack
Keywords:
Status: NEW
Alias: CVE-2020-26555
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 1919278 1919279 1960016 1960017 1960018 1964967 1990225 1990226
Blocks: 1904532
 
Reported: 2021-01-21 08:01 UTC by Dhananjay Arunesh
Modified: 2024-07-15 07:10 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2024:2634 | 0 | None | None | None | 2024-05-01 01:21:43 UTC
Red Hat Product Errata | RHBA-2024:2650 | 0 | None | None | None | 2024-05-02 00:14:31 UTC
Red Hat Product Errata | RHBA-2024:2686 | 0 | None | None | None | 2024-05-02 22:49:39 UTC
Red Hat Product Errata | RHBA-2024:4354 | 0 | None | None | None | 2024-07-08 07:10:58 UTC
Red Hat Product Errata | RHBA-2024:4365 | 0 | None | None | None | 2024-07-08 11:00:41 UTC
Red Hat Product Errata | RHBA-2024:4461 | 0 | None | None | None | 2024-07-10 15:55:32 UTC
Red Hat Product Errata | RHBA-2024:4463 | 0 | None | None | None | 2024-07-10 18:16:43 UTC
Red Hat Product Errata | RHBA-2024:4494 | 0 | None | None | None | 2024-07-11 09:38:43 UTC
Red Hat Product Errata | RHBA-2024:4495 | 0 | None | None | None | 2024-07-11 10:35:02 UTC
Red Hat Product Errata | RHBA-2024:4507 | 0 | None | None | None | 2024-07-11 13:28:56 UTC
Red Hat Product Errata | RHBA-2024:4535 | 0 | None | None | None | 2024-07-15 07:10:37 UTC
Red Hat Product Errata | RHSA-2024:2394 | 0 | None | None | None | 2024-04-30 10:07:33 UTC
Red Hat Product Errata | RHSA-2024:4211 | 0 | None | None | None | 2024-07-02 08:53:34 UTC
Red Hat Product Errata | RHSA-2024:4352 | 0 | None | None | None | 2024-07-08 02:01:36 UTC

Description Dhananjay Arunesh 2021-01-21 08:01:51 UTC
A vulnerability was found in the Linux kernel, where the Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack. When an attacker connects to a victim device using the address of the device and the victim initiates a Pairing, the attacker can reflect the encrypted nonce even without knowledge of the key.

Comment 6 Rohit Keshri 2021-05-12 19:29:34 UTC
Mitigation:

It is recommended that devices not accept connections from or initiate connections to remote devices claiming the same Bluetooth device address as their own. Also, a controller computing a null (zero-valued) combination should not accept this key as valid and should fail any pairing attempt that produced a null key.

It is also recommended that BR/EDR implementations enable Secure Simple Pairing and, where possible, that implementations enable and enforce Secure Connections Only Mode, ensuring that pin-code pairing cannot be used.
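
The checks recommended in the mitigation above, sketched as an added example (not the kernel patch and not part of the comment thread). The struct, function names and sample values are hypothetical and constructed; Secure Connections Only Mode is modeled here as accepting only authenticated P-256 link keys (HCI key type 0x08).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* HCI link key types: 0x00 = legacy combination key (PIN pairing),
 * 0x08 = authenticated combination key from P-256 (Secure Connections). */
enum { LK_COMBINATION = 0x00, LK_AUTH_P256 = 0x08 };
enum verdict { ACCEPT, REJECT_OWN_ADDR, REJECT_NULL_KEY, REJECT_NOT_SC };

struct local_dev {            /* hypothetical host-side state */
    uint8_t bdaddr[6];        /* our own BD_ADDR */
    bool sc_only;             /* Secure Connections Only Mode enforced */
};

/* Constructed sample values, for illustration only. */
const struct local_dev dev_legacy  = {{0x11, 0x22, 0x33, 0x44, 0x55, 0x66}, false};
const struct local_dev dev_sc_only = {{0x11, 0x22, 0x33, 0x44, 0x55, 0x66}, true};
const uint8_t peer_other[6] = {0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff};
const uint8_t key_null[16]   = {0};
const uint8_t key_sample[16] = {0xa1, 0x5c};   /* non-zero, constructed */

/* OR every byte together so the test does not exit early on key contents. */
static bool key_is_null(const uint8_t key[16])
{
    uint8_t acc = 0;
    for (size_t i = 0; i < 16; i++)
        acc |= key[i];
    return acc == 0;
}

/* Check 1: refuse any peer that claims our own BD_ADDR. Call this for both
 * incoming connection requests and outgoing connection attempts. */
enum verdict check_peer_addr(const struct local_dev *d, const uint8_t peer[6])
{
    return memcmp(d->bdaddr, peer, 6) == 0 ? REJECT_OWN_ADDR : ACCEPT;
}

/* Check 2: before storing a new link key, fail the pairing if the key is
 * null or, in SC Only Mode, if it did not come from authenticated P-256. */
enum verdict check_link_key(const struct local_dev *d, const uint8_t peer[6],
                            const uint8_t key[16], uint8_t key_type)
{
    if (check_peer_addr(d, peer) != ACCEPT)
        return REJECT_OWN_ADDR;
    if (key_is_null(key))
        return REJECT_NULL_KEY;
    if (d->sc_only && key_type != LK_AUTH_P256)
        return REJECT_NOT_SC;
    return ACCEPT;
}
```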

Comment 10 Rohit Keshri 2021-05-26 12:56:58 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1964967]

Comment 29 errata-xmlrpc 2024-04-30 10:07:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394

Comment 30 errata-xmlrpc 2024-07-02 08:53:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4211

Comment 31 errata-xmlrpc 2024-07-08 02:01:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4352 https://access.redhat.com/errata/RHSA-2024:4352

