The Bluetooth BR/EDR specification up to and including version 5.1 permits an encryption key with as little as 1 octet of entropy and does not prevent an attacker from influencing the key length negotiation, which is carried over Link Manager Protocol messages that are neither authenticated nor integrity-protected. An attacker within radio range while two devices establish an encrypted connection can therefore force both sides onto a 1-octet key, brute-force it in real time, and decrypt traffic or inject arbitrary ciphertext without either victim noticing. This is the "KNOB" (Key Negotiation of Bluetooth) attack.
Fixes

Solution

No solution given by the vendor.


Workaround

Bluetooth SIG Expedited Errata Correction 11838, which updates the Core Specification to recommend a minimum encryption key length of 7 octets for BR/EDR connections. The Linux kernel updates listed under References enforce the same floor on the host side: after encryption is enabled they read the negotiated key size back from the controller and reject BR/EDR links below 7 octets, so the protection does not depend on a firmware update of the controller.
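The following Python model illustrates both the vulnerability described at the top of this record and the 7-octet floor of the workaround above. It is an added example written for this page, not code from the Bluetooth specification, the KNOB paper or any Bluetooth stack: the LMP PDU names are the specification's, but the Device model, the man-in-the-middle relay logic and the host-side gate (`host_accepts_link`) are simplified constructions for illustration, and the device names and configured minimums are made up.

```python
"""Model of the Bluetooth BR/EDR encryption key size negotiation and the
KNOB man-in-the-middle downgrade (constructed example, not code from the
Bluetooth specification, the KNOB paper or any Bluetooth stack).

LMP_encryption_key_size_req / LMP_accepted / LMP_not_accepted are the
spec's PDU names; Device, negotiate() and host_accepts_link() are
simplifications made for this illustration."""

from dataclasses import dataclass
from typing import List, Optional, Tuple

MAX_KEY_OCTETS = 16        # 128-bit entropy, the BR/EDR maximum
PRE_ERRATA_MINIMUM = 1     # floor allowed by Core Spec <= 5.1 (what KNOB abuses)
ERRATA_11838_MINIMUM = 7   # floor recommended by Expedited Errata Correction 11838


@dataclass
class Device:
    name: str
    min_octets: int
    max_octets: int = MAX_KEY_OCTETS

    def respond(self, proposed: int) -> Tuple[str, Optional[int]]:
        """Responder side of LMP_encryption_key_size_req: accept the proposed
        size, counter-propose our own maximum if it is too large, or refuse
        it outright if it is below our configured minimum."""
        if proposed < self.min_octets:
            return "LMP_not_accepted", None
        if proposed > self.max_octets:
            return "LMP_encryption_key_size_req", self.max_octets
        return "LMP_accepted", proposed


def negotiate(a: Device, b: Device,
              attacker_octets: Optional[int] = None) -> Tuple[Optional[int], List[str]]:
    """Run the key size negotiation between initiator a and responder b.
    With attacker_octets set, an active MitM rewrites a's request on its way
    to b and then presents b's 'choice' back to a, as in the KNOB attack.
    Returns (negotiated key size in octets or None, transcript)."""
    log: List[str] = []
    proposal = a.max_octets
    log.append(f"{a.name} -> LMP_encryption_key_size_req({proposal})")
    if attacker_octets is not None:
        proposal = attacker_octets
        log.append(f"  MitM rewrites the request to {proposal} before {b.name} sees it")

    pdu, n = b.respond(proposal)
    if pdu == "LMP_not_accepted":
        log.append(f"{b.name} -> LMP_not_accepted ({proposal} < minimum {b.min_octets})")
        return None, log
    log.append(f"{b.name} -> {pdu}({n})")
    if pdu == "LMP_accepted" and attacker_octets is None:
        log.append(f"both sides use {n}-octet entropy")
        return n, log

    # Either b counter-proposed, or the MitM replays the lowered size to a
    # as if b had asked for it; a evaluates it against its own minimum.
    proposal = n
    if attacker_octets is not None:
        log.append(f"  MitM -> {a.name}: LMP_encryption_key_size_req({proposal}) forged as {b.name}")
    pdu_a, n_a = a.respond(proposal)
    if pdu_a != "LMP_accepted":
        log.append(f"{a.name} -> {pdu_a} (refuses a {proposal}-octet key)")
        return None, log
    log.append(f"{a.name} -> LMP_accepted({n_a}); both sides use {n_a}-octet entropy")
    return n_a, log


def brute_force_keyspace(octets: int) -> int:
    """Number of candidate keys for a negotiated entropy of `octets` bytes."""
    return 1 << (8 * octets)


def host_accepts_link(negotiated_octets: Optional[int],
                      minimum: int = ERRATA_11838_MINIMUM) -> bool:
    """Host-side gate modelled on the idea behind the kernel patches in the
    referenced advisories (not their code): read the key size back after
    encryption comes up and drop links below the minimum rather than trusting
    the controller's negotiation."""
    return negotiated_octets is not None and negotiated_octets >= minimum


if __name__ == "__main__":
    alice = Device("Alice", PRE_ERRATA_MINIMUM)   # constructed devices
    bob = Device("Bob", PRE_ERRATA_MINIMUM)
    for label, kwargs in (("honest negotiation", {}), ("KNOB downgrade", {"attacker_octets": 1})):
        size, transcript = negotiate(alice, bob, **kwargs)
        print(f"== {label} ==")
        print("\n".join(transcript))
        if size is not None:
            print(f"brute-force keyspace: 2^{8 * size} = {brute_force_keyspace(size)}")
        print(f"host accepts link: {host_accepts_link(size)}\n")

    patched_bob = Device("Bob", ERRATA_11838_MINIMUM)
    size, transcript = negotiate(alice, patched_bob, attacker_octets=1)
    print("== KNOB against a responder enforcing the 7-octet minimum ==")
    print("\n".join(transcript))
    print(f"negotiated: {size}, host accepts link: {host_accepts_link(size)}")
```

Two points the transcripts make visible: with the pre-errata floor of 1 octet, neither device sees anything abnormal, since every PDU is a legitimate value the spec allows, and the resulting 2^8 keyspace is trivial; with a 7-octet floor on either side the downgrade ends in LMP_not_accepted and no encrypted link is formed, and the host-side gate catches a controller that still accepts short keys.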

References
Links
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html
http://seclists.org/fulldisclosure/2019/Aug/11
http://seclists.org/fulldisclosure/2019/Aug/13
http://seclists.org/fulldisclosure/2019/Aug/14
http://seclists.org/fulldisclosure/2019/Aug/15
http://www.cs.ox.ac.uk/publications/publication12404-abstract.html
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en
https://access.redhat.com/errata/RHSA-2019:2975
https://access.redhat.com/errata/RHSA-2019:3055
https://access.redhat.com/errata/RHSA-2019:3076
https://access.redhat.com/errata/RHSA-2019:3089
https://access.redhat.com/errata/RHSA-2019:3165
https://access.redhat.com/errata/RHSA-2019:3187
https://access.redhat.com/errata/RHSA-2019:3217
https://access.redhat.com/errata/RHSA-2019:3218
https://access.redhat.com/errata/RHSA-2019:3220
https://access.redhat.com/errata/RHSA-2019:3231
https://access.redhat.com/errata/RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2020:0204
https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
https://nvd.nist.gov/vuln/detail/CVE-2019-9506
https://usn.ubuntu.com/4115-1/
https://usn.ubuntu.com/4118-1/
https://usn.ubuntu.com/4147-1/
https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/
https://www.cve.org/CVERecord?id=CVE-2019-9506
https://www.kb.cert.org/vuls/id/918987/
https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli
History

Wed, 16 Jul 2025 13:45:00 +0000

Type      Values Removed              Values Added
Metrics   epss {'score': 0.02975}     epss {'score': 0.02341}


Fri, 11 Jul 2025 13:45:00 +0000

Type      Values Removed              Values Added
Metrics   epss {'score': 0.03055}     epss {'score': 0.02975}

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2024-09-16T19:14:13.573Z

Reserved: 2019-03-01T00:00:00

Link: CVE-2019-9506

Vulnrichment

No data.

NVD

Status: Modified

Published: 2019-08-14T17:15:11.597

Modified: 2024-11-21T04:51:45.113

Link: CVE-2019-9506

Redhat

Severity: Important

Public Date: 2019-08-10T09:00:00Z

Links: CVE-2019-9506 - Bugzilla

OpenCVE Enrichment

No data.