CVE-2018-5383

Published: 23 Jul 2018
Source: redhat
CVSS3: 7.1

Description

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | linux-firmware | Not affected | | |
| Red Hat Enterprise Linux 9 | linux-firmware | Not affected | | |
| Red Hat Enterprise MRG 2 | linux-firmware | Affected | | |
| Red Hat Virtualization 4 | linux-firmware | Not affected | | |
| Red Hat Enterprise Linux 7 | linux-firmware | Fixed | RHSA-2019:2169 | 06.08.2019 |

Additional information

Status: Important
Defect: CWE-325
https://bugzilla.redhat.com/show_bug.cgi?id=1614159 kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

CVSS3: 7.1 High

Related vulnerabilities

CVSS3: 8
ubuntu
more than 7 years ago

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

CVSS3: 8
nvd
more than 7 years ago

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

CVSS3: 8
debian
more than 7 years ago

Bluetooth firmware or operating system software drivers in macOS versi ...

suse-cvrf
almost 7 years ago

Security update for kernel-firmware

suse-cvrf
almost 7 years ago

Security update for kernel-firmware