CVE-2023-24023
Published 2023-11-28
Severity: medium, CVSS 3.1 base score 6.8
Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
Affected
41 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bluetooth | bluetooth_core_specification | 4.2 – 5.4 | — |
| debian | linux | < linux 6.1.76-1 (bookworm) | linux 6.1.76-1 (bookworm) |
| android | — | — | — |
| linux | linux_kernel | >= 0 < 6.1.76-1 | 6.1.76-1 |
| linux | linux_kernel | >= 0 < 6.6.9-1 | 6.6.9-1 |
| linux | linux_kernel | >= 0 < 5.4.0-177.197 | 5.4.0-177.197 |
| linux | linux_kernel | >= 0 < 5.15.0-105.115 | 5.15.0-105.115 |
| linux | linux_kernel | >= 0 < 4.4.0-253.287 | 4.4.0-253.287 |
| linux | linux_kernel | >= 0 < 4.15.0-224.236 | 4.15.0-224.236 |
| microsoft | windows_10_1809 | < 10.0.17763.5122 | 10.0.17763.5122 |
| microsoft | windows_10_21h2 | < 10.0.19043.3693 | 10.0.19043.3693 |
| microsoft | windows_10_22h2 | < 10.0.19045.3693 | 10.0.19045.3693 |
| microsoft | windows_11_21h2 | < 10.0.22000.2600 | 10.0.22000.2600 |
| microsoft | windows_11_22h2 | < 10.0.22621.2715 | 10.0.22621.2715 |
| microsoft | windows_11_23h2 | < 10.0.22631.2715 | 10.0.22631.2715 |
| microsoft | windows_server_2019 | < 10.0.17763.5122 | 10.0.17763.5122 |
| microsoft | windows_server_2022 | < 10.0.20348.2113 | 10.0.20348.2113 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.531 | 10.0.25398.531 |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_10_version_21h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_21h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_21h2_for_x64-based_systems | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (CVSS 3.1) | 6.8 | MEDIUM | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| OSV | 7.0 | HIGH | — |
Android
CVE-2023-24023: Android Security Bulletin 2025-09-01
vendor_android·2025-09-01·CVSS 6.8
CVE-2023-24023 [MEDIUM] CVE-2023-24023: Android Security Bulletin 2025-09-01
CVE: CVE-2023-24023
Severity: HIGH
Type: EoP
Affected AOSP versions: 13, 14, 15
References: A-255601934
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2024-04-23·CVSS 6.8
CVE-2023-52600 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- Netfilter;
(CVE-2024-26581, CVE-2023-52600, CVE-2023-52603)
Instructions: After a standard system update you need to reboot your
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2024-04-19·CVSS 6.8
CVE-2023-52600 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- BPF subsystem;
- Netfilter;
(CVE-2023-52603, CVE-2023-52600, CVE-2024-26581, CVE-2024-26589)
Instructions: After a standard syste
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2024-04-19·CVSS 7.0
CVE-2023-1382 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a race condition existed in the instruction emulator
of the Linux kernel on Arm 64-bit systems. A local attacker could use this
to cause a denial of service (system crash). (CVE-2022-20422)
Wei Chen discovered that a race condition existed in the TIPC protocol
implementation in the Linux kernel, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1382)
Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigations with prctl syscall were insufficient in some situations. A
local attacker could possibly use this to expose sensitive information.
(CVE-2023-1998)
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2024-04-19·CVSS 6.8
CVE-2024-26581 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- Netfilter;
(CVE-2024-26581, CVE-2023-52600, CVE-2023-52603)
Instructions: After a standard system update you need to reboot your
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2024-04-19·CVSS 4.7
CVE-2024-23851 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Wei Chen discovered that a race condition existed in the TIPC protocol
implementation in the Linux kernel, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1382)
It was discovered that the virtio network implementation in the Linux
kernel did not properly handle file references in the host, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-1838)
Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigations with prctl syscall were insufficient
Red Hat
kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses
vendor_redhat·2023-12-02·CVSS 6.8
CVE-2023-24023 [MEDIUM] CWE-300 kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live injection, aka BLUFFS.
Statement: The vulnerability identified as CVE-2023-24023, dubbed "Bluetooth Forward and Future Secrecy Attacks and Defenses (BL
Microsoft
Mitre: CVE-2023-24023 Bluetooth Vulnerability
vendor_msrc·2023-11-14·CVSS 6.8
CVE-2023-24023 [MEDIUM] CWE-326 Mitre: CVE-2023-24023 Bluetooth Vulnerability
Description: Microsoft is aware of the Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG.
To address the vulnerability, Microsoft has released a software update that enforces the use of BR/EDR Secure Connections defined encryption and authentication algorithms for Bluetooth pairings that have used BR/EDR Secure Connections. If a paired device used BR/EDR Secure Connection at some point, Windows will enforce all subsequent BR/EDR connections to use BR/EDR Secure Connections.
As defined by the BR/EDR Secure Connections protocol, the new BR/EDR Secure Connections algorithms will only be used when the local system and
Debian
CVE-2023-24023: linux - Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairi...
vendor_debian·2023·CVSS 6.8
CVE-2023-24023 [MEDIUM] CVE-2023-24023: linux - Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairi...
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
Scope: local
bookworm: resolved (fixed in 6.1.76-1)
bullseye: open
forky: resolved (fixed in 6.6.9-1)
sid: resolved (fixed in 6.6.9-1)
trixie: resolved (fixed in 6.6.9-1)
OSV
CVE-2023-24023: In multiple locations, there is a possible way to impersonate and MitM a device across session by only compromising one session key due to an insecure
osv·2025-09-01
In multiple locations, there is a possible way to impersonate and MitM a device across sessions by only compromising one session key, due to an insecure protocol design in Bluetooth Legacy Secure Connection (LSC). This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
linux-azure, linux-lowlatency, linux-nvidia vulnerabilities
osv·2024-04-23·CVSS 6.8
CVE-2023-24023 [MEDIUM] linux-azure, linux-lowlatency, linux-nvidia vulnerabilities
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- Netfilter;
(CVE-2024-26581, CVE-2023-52600, CVE-2023-52603)
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv·2024-04-19·CVSS 7.0
CVE-2022-20422 [HIGH] linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
It was discovered that a race condition existed in the instruction emulator
of the Linux kernel on Arm 64-bit systems. A local attacker could use this
to cause a denial of service (system crash). (CVE-2022-20422)
Wei Chen discovered that a race condition existed in the TIPC protocol
implementation in the Linux kernel, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1382)
Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigations with prctl syscall were insufficient in some situations. A
local attacker could possibly use this to expose sensitive information.
(CVE-2023-1998)
Daniele Antonioli discovered that the
OSV
linux, linux-aws, linux-aws-5.15, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities
osv·2024-04-19·CVSS 6.8
[MEDIUM] linux, linux-aws, linux-aws-5.15, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
Several security issues were discovered in the Linux kernel.
An attacker could possibly us
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
osv·2024-04-19·CVSS 6.8
[MEDIUM] linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
osv·2024-04-19·CVSS 4.7
CVE-2023-1382 [MEDIUM] linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
Wei Chen discovered that a race condition existed in the TIPC protocol
implementation in the Linux kernel, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1382)
It was discovered that the virtio network implementation in the Linux
kernel did not properly handle file references in the host, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-1838)
Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigati
OSV
CVE-2023-24023: Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4
osv·2023-11-28·CVSS 6.8
CVE-2023-24023 [MEDIUM] CVE-2023-24023: Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
GHSA
GHSA-4rvq-6825-fp99: Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4
ghsa_unreviewed·2023-11-28
CVE-2023-24023 [MEDIUM] GHSA-4rvq-6825-fp99: Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
New BLUFFS attack lets attackers hijack Bluetooth connections
blogs_bleepingcomputer·2023-11-28·CVSS 6.8
[MEDIUM] New BLUFFS attack lets attackers hijack Bluetooth connections
## New BLUFFS attack lets attackers hijack Bluetooth connections
By Bill Toulas
Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle (MitM) attacks.
Daniele Antonioli, who discovered the attacks, explains that BLUFFS exploits two previously unknown flaws in the Bluetooth standard related to how session keys are derived to decrypt data in exchange.
These flaws are not specific to hardware or software configurations but are architectural instead, meaning they affect Bluetooth at a fundamental level.
The issues are tracked under the identifier CVE-2023-24023 and impact Bluetooth Core Specification 4.2 through 5.4.
Considering the widespread use of the we
Trendmicro
The November 2023 Security Update Review
blogs_trendmicro·2023-11-14·CVSS 8.8
[HIGH] The November 2023 Security Update Review
## The November 2023 Security Update Review
Get the November 2023 security update and review.
By: Zero Day Initiative, 2023/11/14
It’s the penultimate second Tuesday of 2023, and Microsoft and Adobe have released their latest security patches into the crisp, fall air. Take a break from your scheduled activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check it out here:
| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2023-36033 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | Yes | Yes | EoP |
| CVE-2023-36036 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | EoP |
| CVE-2023-36025 | Windows SmartSc | | | | | |
Bleepingcomputer
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
blogs_bleepingcomputer·2023-11-14·CVSS 7.8
[HIGH] Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
## Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
By Lawrence Abrams
- 16 Elevation of Privilege Vulnerabilities
- 6 Security Feature Bypass Vulnerabilities
- 15 Remote Code Execution Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
- 11 Spoofing Vulnerabilities
The total count of 58 flaws does not include 5 Mariner security updates and 20 Microsoft Edge security updates released earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5032190 cumulative update and Windows 10 KB5032189 cumulative update.
## Five zero-days fixed
This month's Patch Tuesday fixes five zero-day vulnerabilities, with three exploited in attacks and three publicl
Trendmicro
The November 2023 Security Update Review
blogs_trendmicro·2023-11-14
# The November 2023 Security Update Review
Get the November 2023 security update and review.
By: Zero Day Initiative, 2023/11/14
It’s the penultimate second Tuesday of 2023, and Microsoft and Adobe have released their latest security patches into the crisp, fall air. Take a break from your scheduled activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check it out here:
Adobe Patches for November 2023
For November, Adobe released 14 bulletins addressing 76 CVEs in Adobe Acrobat and Reader, ColdFusion, Audition, Premiere Pro, After Effects, Media Encoder, Dimension, Animate, InCopy, InDesign, RoboHelp, FrameMaker Publishing Server, Bridge, and Photoshop. A total of 54 of these bugs
Tenable
Microsoft’s November 2023 Patch Tuesday Addresses 57 CVEs (CVE-2023-36025)
blogs_tenable·2023-11-14·CVSS 8.8
[HIGH] Microsoft’s November 2023 Patch Tuesday Addresses 57 CVEs (CVE-2023-36025)
Bugzilla
CVE-2023-24023 kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses
bugzilla·2023-12-18·CVSS 6.8
CVE-2023-24023 [MEDIUM] CVE-2023-24023 kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
Refer:
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2254962]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394
---
This issue has been addressed in the following products:
Red H