1918601 – (CVE-2020-26555) CVE-2020-26555 kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack

Bug 1918601 (CVE-2020-26555) - CVE-2020-26555 kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack

Summary: CVE-2020-26555 kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable t...

Keywords:
Status:	NEW
Alias:	CVE-2020-26555
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1919278 1919279 1960016 1960017 1960018 1964967 1990225 1990226
Blocks:	1904532
TreeView+	depends on / blocked

Reported:	2021-01-21 08:01 UTC by Dhananjay Arunesh
Modified:	2023-12-06 11:14 UTC (History)
CC List:	65 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in Linux Kernel, where Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack. When an attacker connects to a victim device using the address of the device and the victim initiates a Pairing, the attacker can reflect the encrypted nonce even without knowledge of the key.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2021-01-21 08:01:51 UTC

A vulnerability was found in Linux Kernel, where Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack. When an attacker connects to a victim device using the address of the device and the victim initiates a Pairing, the attacker can reflect the encrypted nonce even without knowledge of the key.

Comment 6 Rohit Keshri 2021-05-12 19:29:34 UTC

Mitigation:

It is recommended that devices not accept connections from or initiate connections to remote devices claiming the same Bluetooth device address as their own, also a controller computing a null (zero-valued) combination not accept this key as a valid and fail any pairing attempt that produced a null key.

It is also recommends that BR/EDR implementations enable Secure Simple Pairing, and where possible, implementations enable and enforce Secure Connections Only Mode, ensuring that pin-code pairing cannot be used.

Comment 10 Rohit Keshri 2021-05-26 12:56:58 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1964967]

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
allarkin
bhu
bmasney
bnocera
chwhite
crwood
cye
cyin
darcari
dbohanno
debarbos
dvlasenk
dzickus
ezulian
hdegoede
hkrzesin
hwkernel-mgr
jarod
jarodwilson
jdenham
jeremy
jfaracco
jforbes
jlelli
joe.lawrence
jonathan
josef
jshortt
jstancek
jwboyer
jwyatt
kcarcia
kernel-maint
kernel-mgr
ldoskova
lgoncalv
linville
lzampier
masami256
mcascell
mchehab
mstowell
nmurray
ptalbert
qzhao
rkeshri
rparrazo
rrobaina
rvrbovsk
rysulliv
scweaver
steved
tglozar
tyberry
walters
wcosta
williams
wmealing
ycote
ykopkova
zhijwang