1960012 – (CVE-2020-26556) CVE-2020-26556 kernel: malleable commitment Bluetooth Mesh Provisioning

Bug 1960012 (CVE-2020-26556) - CVE-2020-26556 kernel: malleable commitment Bluetooth Mesh Provisioning

Summary: CVE-2020-26556 kernel: malleable commitment Bluetooth Mesh Provisioning

Keywords:
Status:	NEW
Alias:	CVE-2020-26556
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1963416 (view as bug list)
Depends On:	1969622 1969623 1969624
Blocks:	1969593
TreeView+	depends on / blocked

Reported:	2021-05-12 19:15 UTC by Guilherme de Almeida Suckevicz
Modified:	2023-09-19 14:13 UTC (History)
CC List:	44 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Linux kernel’s authentication protocol in the Bluetooth® Mesh Profile Specification. A vulnerability occurs if the AuthValue is identified during the provisioning procedure, even if the AuthValue is selected randomly. This flaw allows an attacker to identify the AuthValue used before the provisioning procedure times out, possibly completing the provisioning operation and obtaining a NetKey. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2021-05-12 19:15:26 UTC

The authentication protocol in the Bluetooth® Mesh Profile Specification versions 1.0 and 1.0.1 is vulnerable if the AuthValue can be identified during the provisioning procedure, even if the AuthValue is selected randomly. If an attacker can identify the AuthValue used before the provisioning procedure times out, it is possible to complete the provisioning operation and obtain a NetKey.

Comment 14 Rohit Keshri 2021-06-08 18:43:39 UTC

Created bluez tracking bugs for this issue:

Affects: fedora-all [bug 1969622]

Comment 16 Rohit Keshri 2021-08-01 16:44:01 UTC

*** Bug 1963416 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
bhu
blc
bmasney
bnocera
chwhite
crwood
darcari
dvlasenk
dwmw2
dzickus
hdegoede
hkrzesin
hwkernel-mgr
jarodwilson
jeremy
jforbes
jlelli
jonathan
josef
jshortt
jstancek
jwboyer
kcarcia
kernel-maint
kernel-mgr
lgoncalv
linville
masami256
mchehab
mlangsdo
nmurray
ptalbert
qzhao
rkeshri
rvrbovsk
spacewar
steved
walters
wcosta
williams