Bluetooth BR/EDR encryption key negotiation vulnerability #18658

@dleach02

Describe the bug

A security vulnerability in the Bluetooth BR/EDR Bluetooth Core specification versions 1.0 through 5.1 has been identified as CVE-2019-9506. The Bluetooth BR/EDR encryption key negotiation protocol is vulnerable to packet injection that could allow an unauthenticated user to decrease the size of the entropy of the encryption key, potentially causing information disclosure and/or escalation of privileges via adjacent access. There is not currently any knowledge of this being exploited.

The Bluetooth Special Interest Group (SIG) has released specification updates for specification versions 4.2, 5.0, and 5.1 to mitigate this issue. BR/EDR is an experimental feature in Zephyr and should incorporate these changes.

For further information:

https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/
https://www.kb.cert.org/vuls/id/918987/

Bluetooth SIG Errata:
http://go.bluetooth.com/R00t2Y8REQ003040B9FFb40
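
A host-side check for the mitigation, as an added example that is not part of the original issue and is not Zephyr code: after encryption is enabled, the host reads the negotiated key size with HCI_Read_Encryption_Key_Size and drops the link if it is below a floor. The function and constant names are hypothetical, the sample events are constructed, and the 7-octet floor is the minimum the Bluetooth SIG statement recommends for BR/EDR.

```c
#include <stddef.h>
#include <stdint.h>

#define HCI_EVT_CMD_COMPLETE     0x0E
#define HCI_OP_READ_ENC_KEY_SIZE 0x1408 /* OGF 0x05, OCF 0x0008 */
#define BREDR_MIN_ENC_KEY_SIZE   7      /* octets; assumed policy floor */
#define BREDR_MAX_ENC_KEY_SIZE   16     /* octets; largest valid key size */

enum key_verdict { KEY_OK = 0, KEY_TOO_SHORT, KEY_EVT_INVALID };

/* Parse an HCI Command Complete event for Read_Encryption_Key_Size and decide
 * whether the link on `handle` may stay up. A malformed event, a failed
 * command or a mismatched handle is reported as invalid so the caller can
 * fail closed and disconnect. (Hypothetical helper, not a Zephyr API.) */
enum key_verdict check_enc_key_size(const uint8_t *evt, size_t len,
                                    uint16_t handle, uint8_t min_size)
{
    /* Layout: code(1) plen(1) ncmd(1) opcode(2) status(1) handle(2) size(1) */
    if (evt == NULL || len < 9 || evt[0] != HCI_EVT_CMD_COMPLETE)
        return KEY_EVT_INVALID;
    if (evt[1] < 7 || (size_t)evt[1] + 2 > len)
        return KEY_EVT_INVALID;

    uint16_t opcode = (uint16_t)(evt[3] | (evt[4] << 8));
    uint16_t h = (uint16_t)((evt[6] | (evt[7] << 8)) & 0x0FFF);
    uint8_t status = evt[5];
    uint8_t key_size = evt[8];

    if (opcode != HCI_OP_READ_ENC_KEY_SIZE || status != 0 || h != handle)
        return KEY_EVT_INVALID;
    if (key_size == 0 || key_size > BREDR_MAX_ENC_KEY_SIZE)
        return KEY_EVT_INVALID;
    return key_size < min_size ? KEY_TOO_SHORT : KEY_OK;
}

/* Constructed sample events for connection handle 0x0042. */
static const uint8_t evt_weak[]   = {0x0E, 0x07, 0x01, 0x08, 0x14, 0x00, 0x42, 0x00, 0x01};
static const uint8_t evt_strong[] = {0x0E, 0x07, 0x01, 0x08, 0x14, 0x00, 0x42, 0x00, 0x10};

int main(void)
{
    /* A 1-octet key must be refused and a 16-octet key accepted. */
    int weak = check_enc_key_size(evt_weak, sizeof evt_weak, 0x0042,
                                  BREDR_MIN_ENC_KEY_SIZE);
    int strong = check_enc_key_size(evt_strong, sizeof evt_strong, 0x0042,
                                    BREDR_MIN_ENC_KEY_SIZE);
    return (weak == KEY_TOO_SHORT && strong == KEY_OK) ? 0 : 1;
}
```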
