CVE-2020-26555 — Incorrect Authorization in Core Specification

CWE-863 — Incorrect Authorization CWE-400 — Uncontrolled Resource Consumption11 documents9 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 55.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform System BT Linux Kernel Bluetooth Core Specification +1 more

Timeline

PublishedMay 24

Latest updateOct 1

Description

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

▶NVDbluetooth/bluetooth_core_specification1.1b — 5.2

▶Androidplatform/system_bt8.1:0 — 8.1:2021-06-05+3

▶Ubuntulinux/linux_kernel< 4.15.0-151.157+2

Also affects: Fedora 34

🔴Vulnerability Details

Kernel

Bluetooth: Reject connection with the device which has same BD_ADDR↗2023-10-01

▶

Kernel

Bluetooth: hci_event: Ignore NULL link key↗2023-10-01

▶

GHSA

GHSA-6vq6-ghrc-jpjw: Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1↗2022-05-24

▶

OSV

CVE-2020-26555: In btm_sec_pin_code_request of btm_sec↗2021-06-01

▶

OSV

CVE-2020-26555: Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1↗2021-05-24

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2022-03-22

▶

Android

CVE-2020-26555: Android Security Bulletin 2021-06-01 CVE: CVE-2020-26555 Severity: HIGH Type: EoP Affected AOSP versions: 8↗2021-06-01

▶

Red Hat

kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack↗2021-05-24

▶

💬Community

Bugzilla

CVE-2020-26555 kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack↗2021-01-21

▶