Описание
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
A vulnerability was found in Linux Kernel, where Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack. When an attacker connects to a victim device using the address of the device and the victim initiates a Pairing, the attacker can reflect the encrypted nonce even without knowledge of the key.
Отчет
Red Hat Product Security is aware of this issue and is currently assessing the impact on Red Hat supported products. Corresponding entry in the Red Hat CVE database (https://access.redhat.com/security/security-updates/#/cve) will be updated with latest information as the assessment progresses.
Меры по смягчению последствий
It is recommended that devices not accept connections from or initiate connections to remote devices claiming the same Bluetooth device address as their own, also a controller computing a null (zero-valued) combination not accept this key as a valid and fail any pairing attempt that produced a null key. It is also recommends that BR/EDR implementations enable Secure Simple Pairing, and where possible, implementations enable and enforce Secure Connections Only Mode, ensuring that pin-code pairing cannot be used.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | bluez | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | bluez | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Will not fix | ||
| Red Hat Enterprise Linux 8 | bluez | Will not fix | ||
| Red Hat Enterprise Linux 9 | bluez | Will not fix | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2024:4352 | 08.07.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.4 Medium
CVSS3
Связанные уязвимости
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
ELSA-2024-12110: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2024-12159: Unbreakable Enterprise kernel security update (IMPORTANT)
EPSS
5.4 Medium
CVSS3