Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
Advisories
Source ID Title
Debian DLA Debian DLA DLA-2689-1 linux security update
Debian DLA Debian DLA DLA-2690-1 linux-4.19 security update
Debian DLA Debian DLA DLA-2692-1 bluez security update
Debian DSA Debian DSA DSA-4951-1 bluez security update
EUVD EUVD EUVD-2020-19103 Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
Ubuntu USN Ubuntu USN USN-4989-1 BlueZ vulnerabilities
Ubuntu USN Ubuntu USN USN-4989-2 BlueZ vulnerabilities
Ubuntu USN Ubuntu USN USN-5017-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-5018-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-5046-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-5050-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-5299-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-5343-1 Linux kernel vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T15:56:04.444Z

Reserved: 2020-10-04T00:00:00

Link: CVE-2020-26558

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-05-24T18:15:07.930

Modified: 2024-11-21T05:20:04.720

Link: CVE-2020-26558

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-05-24T16:00:00Z

Links: CVE-2020-26558 - Bugzilla

cve-icon OpenCVE Enrichment

No data.