Bug 1614159 (CVE-2018-5383) - CVE-2018-5383 kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
Summary: CVE-2018-5383 kernel: Bluetooth implementations may not sufficiently validate...
Status: NEW
Alias: CVE-2018-5383
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20180723,repo...
Keywords: Security
Depends On: 1615683 1615706 1649148 1615684 1615685 1615686 1615687 1615688 1615689 1615707 1649149
Blocks: 1607700
TreeView+ depends on / blocked
 
Reported: 2018-08-09 05:58 UTC by Sam Fowler
Modified: 2019-02-08 15:01 UTC (History)
31 users (show)

(edit)
A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service.
Clone Of:
(edit)
Last Closed:


Attachments (Terms of Use)

Description Sam Fowler 2018-08-09 05:58:51 UTC
A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service.


External References:

https://www.kb.cert.org/vuls/id/304725
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html
https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update

Comment 2 Wade Mealing 2018-08-14 03:26:23 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1615683]

Comment 5 Wade Mealing 2018-08-14 05:32:33 UTC
Created linux-firmware tracking bugs for this issue:

Affects: fedora-all [bug 1615706]


Note You need to log in before you can comment on or make changes to this bug.