The Bluetooth BR/EDR encryption key negotiation protocol is vulnerable to packet injection that could allow an unauthenticated user to decrease the size of the entropy of the encryption key, potentially causing information disclosure and/or escalation of privileges via adjacent access. There is not currently any knowledge of this being exploited.
Note: Not all Bluetooth devices are vulnerable to this flaw, only devices that can connect to another using the BR/EDR encryption negotiation protocol.
CERT notification: https://kb.cert.org/vuls/id/918987/
Upstream patches:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d5bb334a8e171b262e48f378bd2096c0ea458265
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=693cd8ce3f882524a5d06f7800dd8492411877b3
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eca94432934fe5f141d084f2e36ee2c0e614cc04
Branded site: https://knobattack.com/
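A defensive check for the key-size reduction described above, as an added example that is not part of the original report or the upstream patches: it parses HCI Command Complete events for the Read Encryption Key Size command and flags links whose negotiated key is shorter than a policy minimum. The 7-byte threshold, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

EVT_CMD_COMPLETE = 0x0E        # HCI Command Complete event code
OP_READ_ENC_KEY_SIZE = 0x1408  # Read Encryption Key Size (OGF 0x05, OCF 0x0008)
MIN_KEY_SIZE = 7               # assumed policy minimum, in bytes

def parse_key_size_event(pkt: bytes):
    """Return (handle, status, key_size) for a Read Encryption Key Size
    completion, or None for any other or truncated event."""
    if len(pkt) < 9 or pkt[0] != EVT_CMD_COMPLETE:
        return None
    plen = pkt[1]
    if plen < 7 or len(pkt) < 2 + plen:
        return None
    # Num_HCI_Command_Packets, opcode, status, connection handle, key size
    _ncmd, opcode, status, handle, key_size = struct.unpack_from("<BHBHB", pkt, 2)
    if opcode != OP_READ_ENC_KEY_SIZE:
        return None
    return handle & 0x0FFF, status, key_size

def audit(events, min_size=MIN_KEY_SIZE):
    """List (handle, verdict, key_size) for links that need attention."""
    findings = []
    for raw in events:
        parsed = parse_key_size_event(raw)
        if parsed is None:
            continue
        handle, status, key_size = parsed
        if status != 0:
            # The controller did not report a size: treat the link as unverified.
            findings.append((handle, "unverified", None))
        elif key_size < min_size:
            findings.append((handle, "weak", key_size))
    return findings

# Constructed sample events (HCI event packets without the H4 type byte).
SAMPLE_EVENTS = [
    bytes.fromhex("0e0701081400" "0b00" "10"),  # handle 0x00b, 16-byte key
    bytes.fromhex("0e0701081400" "0c00" "01"),  # handle 0x00c, 1-byte key
    bytes.fromhex("0e0701081402" "0d00" "00"),  # handle 0x00d, status 0x02
    bytes.fromhex("0e0401030c00"),              # unrelated Command Complete
]

if __name__ == "__main__":
    for handle, verdict, size in audit(SAMPLE_EVENTS):
        print(f"handle 0x{handle:03x}: {verdict} (key size: {size})")
```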
This is a flaw in the Bluetooth protocol. As per the report: "The Bluetooth Special Interest Group (SIG) is in the process of adjusting the specification to mitigate this issue. They are continuing to work with controller and host vendors to implement patches once the specification is changed, so be aware that patches and additional notifications may be coming from upstream vendors. We strongly recommend that these patches are implemented when they are available. We will communicate more information in regards to this vulnerability as we receive it." Basically seems like a hardware issue to me. The notice for CERT is a heads-up. We probably need to wait till we see "patches".
Mitigation: At this time there is no known mitigation if Bluetooth hardware is to continue to be used. Replacing the hardware with its wired version and disabling Bluetooth may be a suitable alternative for some environments.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1743055]
This flaw is rated as important due to the possible follow-on effects. It is likely that, if the attacker could intercept Bluetooth keyboard input, this data would contain password input, which would be immediately leveraged for further attacks.
This was fixed for Fedora with the 5.0.15 stable kernel updates.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support. Via RHSA-2019:2975: https://access.redhat.com/errata/RHSA-2019:2975
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-9506
This issue has been addressed in the following products: Red Hat Enterprise Linux 7. Via RHSA-2019:3055: https://access.redhat.com/errata/RHSA-2019:3055
This issue has been addressed in the following products: Red Hat Enterprise Linux 7. Via RHSA-2019:3076: https://access.redhat.com/errata/RHSA-2019:3076
This issue has been addressed in the following products: Red Hat Enterprise Linux 7. Via RHSA-2019:3089: https://access.redhat.com/errata/RHSA-2019:3089
This issue has been addressed in the following products: Red Hat Enterprise MRG 2. Via RHSA-2019:3165: https://access.redhat.com/errata/RHSA-2019:3165
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support; Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 7.4 Telco Extended Update Support. Via RHSA-2019:3187: https://access.redhat.com/errata/RHSA-2019:3187
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Telco Extended Update Support; Red Hat Enterprise Linux 7.3 Advanced Update Support; Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Via RHSA-2019:3218: https://access.redhat.com/errata/RHSA-2019:3218
This issue has been addressed in the following products: Red Hat Enterprise Linux 7. Via RHSA-2019:3217: https://access.redhat.com/errata/RHSA-2019:3217
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support. Via RHSA-2019:3220: https://access.redhat.com/errata/RHSA-2019:3220
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support. Via RHSA-2019:3231: https://access.redhat.com/errata/RHSA-2019:3231
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2019:3309: https://access.redhat.com/errata/RHSA-2019:3309
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2019:3517: https://access.redhat.com/errata/RHSA-2019:3517
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Via RHSA-2020:0204: https://access.redhat.com/errata/RHSA-2020:0204
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support. Via RHSA-2020:1460: https://access.redhat.com/errata/RHSA-2020:1460