A vulnerability was found in Linux Kernel, where Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack. When an attacker connects to a victim device using the address of the device and the victim initiates a Pairing, the attacker can reflect the encrypted nonce even without knowledge of the key.
It is recommended that devices not accept connections from or initiate connections to remote devices claiming the same Bluetooth device address as their own, also a controller computing a null (zero-valued) combination not accept this key as a valid and fail any pairing attempt that produced a null key.
It is also recommends that BR/EDR implementations enable Secure Simple Pairing, and where possible, implementations enable and enforce Secure Connections Only Mode, ensuring that pin-code pairing cannot be used.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1964967]