Bug 1960011 (CVE-2020-26559)

Summary: CVE-2020-26559 kernel: Authvalue leak in Bluetooth Mesh Provisioning
Product: [Other] Security Response
Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: acaringi, adscvr, airlied, alciregi, bhu, blc, bmasney, bnocera, brdeoliv, bskeggs, chwhite, darcari, dhoward, dvlasenk, dwmw2, dzickus, fhrbata, fpacheco, gtiwari, hdegoede, hkrzesin, hwkernel-mgr, jarodwilson, jeremy, jforbes, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mlangsdo, nmurray, ptalbert, qzhao, rvrbovsk, security-response-team, spacewar, steved, swood, walters, wcosta, williams
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A flaw was found in the Linux kernel’s Bluetooth Mesh Profile implementation. The Mesh Provisioning procedure has a vulnerability that allows an attacker who was provisioned without access to the AuthValue to identify the AuthValue directly, without brute-forcing its value. Even when a randomly generated AuthValue with a full 128 bits of entropy is used, an attacker who acquires the Provisioner’s public key, the provisioning confirmation value, and the provisioning random value, and who provides its own public key for use in the provisioning procedure, can directly compute the AuthValue used. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.
Bug Depends On: 1969614, 1969615, 1969613    
Bug Blocks: 1969593    

Description Guilherme de Almeida Suckevicz 2021-05-12 19:13:30 UTC
The Mesh Provisioning procedure described in the Bluetooth Mesh Profile Specification versions 1.0 and 1.0.1 could allow an attacker that was provisioned without access to the AuthValue to identify the AuthValue directly without brute-forcing its value. Even when a randomly generated AuthValue with a full 128 bits of entropy is used, an attacker acquiring the Provisioner’s public key, provisioning confirmation value, and provisioning random value and providing its public key for use in the provisioning procedure will be able to directly compute the AuthValue used.

Comment 12 Rohit Keshri 2021-06-08 18:35:58 UTC
Created bluez tracking bugs for this issue:

Affects: fedora-all [bug 1969615]