CVE-2020-26558

NameCVE-2020-26558
DescriptionBluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs989614

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bluez (PTS)stretch5.43-2+deb9u2vulnerable
stretch (security)5.43-2+deb9u3vulnerable
buster, buster (security)5.50-1.2~deb10u1vulnerable
bullseye5.55-3vulnerable
sid5.55-3.1fixed
linux (PTS)stretch4.9.228-1vulnerable
stretch (security)4.9.258-1vulnerable
buster4.19.181-1vulnerable
buster (security)4.19.171-2vulnerable
bullseye, sid5.10.40-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bluezsource(unstable)5.55-3.1989614
linuxsource(unstable)5.10.40-1

Notes

https://kb.cert.org/vuls/id/799380
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/passkey-entry/
https://bugzilla.redhat.com/show_bug.cgi?id=1918602
https://git.kernel.org/linus/6d19628f539fccf899298ff02ee4c73e4bf6df3f
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738

Search for package or bug name: Reporting problems