The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

Vendors Products
Blackberry
Blackberry
Canonical
Ubuntu Linux
Debian Linux
Android
Alp-al00b
Alp-al00b Firmware
Ares-al00b
Ares-al00b Firmware
Ares-al10d
Ares-al10d Firmware
Ares-tl00c
Ares-tl00c Firmware
Asoka-al00ax
Asoka-al00ax Firmware
Atomu-l33
Atomu-l33 Firmware
Atomu-l41
Atomu-l41 Firmware
Atomu-l42
Atomu-l42 Firmware
Barca-al00
Barca-al00 Firmware
Berkeley-al20
Berkeley-al20 Firmware
Berkeley-l09
Berkeley-l09 Firmware
Berkeley-tl10
Berkeley-tl10 Firmware
Bla-al00b
Bla-al00b Firmware
Bla-l29c
Bla-l29c Firmware
Bla-tl00b
Bla-tl00b Firmware
Cairogo-l22
Cairogo-l22 Firmware
Charlotte-l29c
Charlotte-l29c Firmware
Columbia-al10b
Columbia-al10b Firmware
Columbia-al10i
Columbia-al10i Firmware
Columbia-l29d
Columbia-l29d Firmware
Columbia-tl00d
Columbia-tl00d Firmware
Cornell-al00a
Cornell-al00a Firmware
Cornell-al00i
Cornell-al00i Firmware
Cornell-al00ind
Cornell-al00ind Firmware
Cornell-al10ind
Cornell-al10ind Firmware
Cornell-l29a
Cornell-l29a Firmware
Cornell-tl10b
Cornell-tl10b Firmware
Dubai-al00a
Dubai-al00a Firmware
Dura-al00a
Dura-al00a Firmware
Dura-tl00a
Dura-tl00a Firmware
Emily-l29c
Emily-l29c Firmware
Ever-l29b
Ever-l29b Firmware
Figo-l23
Figo-l23 Firmware
Figo-l31
Figo-l31 Firmware
Figo-tl10b
Figo-tl10b Firmware
Florida-al20b
Florida-al20b Firmware
Florida-l21
Florida-l21 Firmware
Florida-l22
Florida-l22 Firmware
Florida-l23
Florida-l23 Firmware
Florida-tl10b
Florida-tl10b Firmware
Harry-al00c
Harry-al00c Firmware
Harry-al10b
Harry-al10b Firmware
Harry-tl00c
Harry-tl00c Firmware
Hima-l29c
Hima-l29c Firmware
Honor 10 Lite
Honor 10 Lite Firmware
Honor 20
Honor 20 Firmware
Honor 20 Pro
Honor 20 Pro Firmware
Honor 8a
Honor 8a Firmware
Honor 8x
Honor 8x Firmware
Honor View 10
Honor View 10 Firmware
Honor View 20
Honor View 20 Firmware
Imanager Neteco
Imanager Neteco 6000
Imanager Neteco 6000 Firmware
Imanager Neteco Firmware
Jakarta-al00a
Jakarta-al00a Firmware
Johnson-tl00d
Johnson-tl00d Firmware
Johnson-tl00f
Johnson-tl00f Firmware
Katyusha-al00a
Katyusha-al00a Firmware
Laya-al00ep
Laya-al00ep Firmware
Leland-l21a
Leland-l21a Firmware
Leland-l31a
Leland-l31a Firmware
Leland-l32a
Leland-l32a Firmware
Leland-l32c
Leland-l32c Firmware
Leland-l42a
Leland-l42a Firmware
Leland-l42c
Leland-l42c Firmware
Leland-tl10b
Leland-tl10b Firmware
Leland-tl10c
Leland-tl10c Firmware
Lelandp-al00c
Lelandp-al00c Firmware
Lelandp-al10b
Lelandp-al10b Firmware
Lelandp-al10d
Lelandp-al10d Firmware
Lelandp-l22a
Lelandp-l22a Firmware
Lelandp-l22c
Lelandp-l22c Firmware
Lelandp-l22d
Lelandp-l22d Firmware
London-al40ind
London-al40ind Firmware
Madrid-al00a
Madrid-al00a Firmware
Madrid-tl00a
Madrid-tl00a Firmware
Mate 20
Mate 20 Firmware
Mate 20 Pro
Mate 20 Pro Firmware
Mate 20 X
Mate 20 X Firmware
Neo-al00d
Neo-al00d Firmware
Nova 3 Firmware
Nova 4 Firmware
Nova 5 Firmware
Nova 5i Pro
Nova 5i Pro Firmware
Nova Lite 3
Nova Lite 3 Firmware
P20 Firmware
P20 Pro
P20 Pro Firmware
P30 Firmware
P30 Pro
P30 Pro Firmware
P Smart
P Smart 2019
P Smart 2019 Firmware
P Smart Firmware
Paris-al00ic
Paris-al00ic Firmware
Paris-l21b
Paris-l21b Firmware
Paris-l21meb
Paris-l21meb Firmware
Paris-l29b
Paris-l29b Firmware
Potter-al00c
Potter-al00c Firmware
Potter-al10a
Potter-al10a Firmware
Princeton-al10b
Princeton-al10b Firmware
Princeton-al10d
Princeton-al10d Firmware
Princeton-tl10c
Princeton-tl10c Firmware
Sydney-al00
Sydney-al00 Firmware
Sydney-l21
Sydney-l21 Firmware
Sydney-l21br
Sydney-l21br Firmware
Sydney-l22
Sydney-l22 Firmware
Sydney-l22br
Sydney-l22br Firmware
Sydney-tl00
Sydney-tl00 Firmware
Sydneym-al00
Sydneym-al00 Firmware
Sydneym-l01
Sydneym-l01 Firmware
Sydneym-l03
Sydneym-l03 Firmware
Sydneym-l21
Sydneym-l21 Firmware
Sydneym-l22
Sydneym-l22 Firmware
Sydneym-l23
Sydneym-l23 Firmware
Tony-al00b
Tony-al00b Firmware
Tony-tl00b
Tony-tl00b Firmware
Y5 2018
Y5 2018 Firmware
Y5 Lite
Y5 Lite Firmware
Y6 2019
Y6 2019 Firmware
Y6 Prime 2018
Y6 Prime 2018 Firmware
Y6 Pro 2019
Y6 Pro 2019 Firmware
Y7 2019
Y7 2019 Firmware
Y9 2019
Y9 2019 Firmware
Yale-al00a
Yale-al00a Firmware
Yale-al50a
Yale-al50a Firmware
Yale-l21a
Yale-l21a Firmware
Yale-l61c
Yale-l61c Firmware
Yale-tl00b
Yale-tl00b Firmware
Yalep-al10b
Yalep-al10b Firmware
Opensuse
Enterprise Linux
Enterprise Linux Aus
Enterprise Linux Eus
Enterprise Linux For Real Time
Enterprise Linux For Real Time Eus
Enterprise Linux For Real Time For Nfv
Enterprise Linux For Real Time For Nfv Eus
Enterprise Linux Server
Enterprise Linux Server Aus
Enterprise Linux Server Tus
Enterprise Linux Tus
Enterprise Mrg
Mrg Realtime
Rhel Aus
Rhel E4s
Rhel Eus
Rhel Extras Rt
Rhel Tus
Virtualization Host Eus
Advisories
Source ID Title
Debian DLA DLA-1919-1 linux-4.9 security update
Debian DLA DLA-1919-2 linux-4.9 security update
Debian DLA DLA-1930-1 linux security update
EUVD EUVD-2019-18880 The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
Ubuntu USN USN-4115-1 Linux kernel vulnerabilities
Ubuntu USN USN-4118-1 Linux kernel (AWS) vulnerabilities
Ubuntu USN USN-4147-1 Linux kernel vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

Bluetooth SIG Expedited Errata Correction 11838

References
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html
http://seclists.org/fulldisclosure/2019/Aug/11
http://seclists.org/fulldisclosure/2019/Aug/13
http://seclists.org/fulldisclosure/2019/Aug/14
http://seclists.org/fulldisclosure/2019/Aug/15
http://www.cs.ox.ac.uk/publications/publication12404-abstract.html
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en
https://access.redhat.com/errata/RHSA-2019:2975
https://access.redhat.com/errata/RHSA-2019:3055
https://access.redhat.com/errata/RHSA-2019:3076
https://access.redhat.com/errata/RHSA-2019:3089
https://access.redhat.com/errata/RHSA-2019:3165
https://access.redhat.com/errata/RHSA-2019:3187
https://access.redhat.com/errata/RHSA-2019:3217
https://access.redhat.com/errata/RHSA-2019:3218
https://access.redhat.com/errata/RHSA-2019:3220
https://access.redhat.com/errata/RHSA-2019:3231
https://access.redhat.com/errata/RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2020:0204
https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
https://nvd.nist.gov/vuln/detail/CVE-2019-9506
https://usn.ubuntu.com/4115-1/
https://usn.ubuntu.com/4118-1/
https://usn.ubuntu.com/4147-1/
https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/
https://www.cve.org/CVERecord?id=CVE-2019-9506
https://www.kb.cert.org/vuls/id/918987/
https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli
History

Wed, 16 Jul 2025 13:45:00 +0000

Type: Metrics
Values Removed: epss {'score': 0.02975}
Values Added: epss {'score': 0.02341}


Fri, 11 Jul 2025 13:45:00 +0000

Type: Metrics
Values Removed: epss {'score': 0.03055}
Values Added: epss {'score': 0.02975}


MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2024-09-16T19:14:13.573Z

Reserved: 2019-03-01T00:00:00

Link: CVE-2019-9506

Vulnrichment

No data.

NVD

Status: Modified

Published: 2019-08-14T17:15:11.597

Modified: 2024-11-21T04:51:45.113

Link: CVE-2019-9506

Redhat

Severity: Important

Public Date: 2019-08-10T09:00:00Z

Links: CVE-2019-9506 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses