Bug 1960012 (CVE-2020-26556)
Summary: | CVE-2020-26556 kernel: malleable commitment Bluetooth Mesh Provisioning | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, bhu, blc, bmasney, bnocera, chwhite, crwood, darcari, dvlasenk, dwmw2, dzickus, hdegoede, hkrzesin, hwkernel-mgr, jarodwilson, jeremy, jforbes, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mlangsdo, nmurray, ptalbert, qzhao, rkeshri, rvrbovsk, spacewar, steved, walters, wcosta, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in the Linux kernel’s authentication protocol in the Bluetooth® Mesh Profile Specification. A vulnerability occurs if the AuthValue is identified during the provisioning procedure, even if the AuthValue is selected randomly. This flaw allows an attacker to identify the AuthValue used before the provisioning procedure times out, possibly completing the provisioning operation and obtaining a NetKey. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1969622, 1969623, 1969624 | ||
Bug Blocks: | 1969593 |
Description
Guilherme de Almeida Suckevicz
2021-05-12 19:15:26 UTC
Created bluez tracking bugs for this issue: Affects: fedora-all [bug 1969622] *** Bug 1963416 has been marked as a duplicate of this bug. *** |