Bug 1614159 (CVE-2018-5383) - CVE-2018-5383 kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
Summary: CVE-2018-5383 kernel: Bluetooth implementations may not sufficiently validate...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-5383
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1615683 1615684 1615685 1615686 1615687 1615688 1615689 1615706 1615707 1649148 1649149 1911201
Blocks: 1607700
TreeView+ depends on / blocked
 
Reported: 2018-08-09 05:58 UTC by Sam Fowler
Modified: 2022-04-17 20:55 UTC (History)
32 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service.
Clone Of:
Environment:
Last Closed: 2019-08-06 13:19:00 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:2169 0 None None None 2019-08-06 12:23:38 UTC

Description Sam Fowler 2018-08-09 05:58:51 UTC
A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service.


External References:

https://www.kb.cert.org/vuls/id/304725
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html
https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update

Comment 2 Wade Mealing 2018-08-14 03:26:23 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1615683]

Comment 5 Wade Mealing 2018-08-14 05:32:33 UTC
Created linux-firmware tracking bugs for this issue:

Affects: fedora-all [bug 1615706]

Comment 17 errata-xmlrpc 2019-08-06 12:23:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2169 https://access.redhat.com/errata/RHSA-2019:2169

Comment 18 Product Security DevOps Team 2019-08-06 13:19:00 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-5383


Note You need to log in before you can comment on or make changes to this bug.