Search Results
- Keyword (text search): bluetooth
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-0549 | In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-183961896 Published: June 22, 2021; 8:15:09 AM -0400 | V3.1: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2021-0542 | In updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-168712890 Published: June 22, 2021; 8:15:09 AM -0400 | V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-0507 | In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android-8.1 Android-9 Android-10 Android ID: A-181860042 Published: June 21, 2021; 1:15:08 PM -0400 | V3.1: 8.8 HIGH V2.0: 8.3 HIGH |
CVE-2021-0504 | In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-179162665 Published: June 21, 2021; 1:15:08 PM -0400 | V3.1: 6.5 MEDIUM V2.0: 3.3 LOW |
CVE-2021-0475 | In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android-10 Android ID: A-175686168 Published: June 11, 2021; 1:15:09 PM -0400 | V3.1: 8.8 HIGH V2.0: 8.3 HIGH |
CVE-2021-25424 | Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows a Bluetooth attacker to take over the user's Bluetooth device without user awareness. Published: June 11, 2021; 11:15:10 AM -0400 | V3.1: 8.8 HIGH V2.0: 5.8 MEDIUM |
CVE-2021-3564 | A double-free memory corruption flaw in the Linux kernel HCI device initialization subsystem was found in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. Published: June 08, 2021; 8:15:11 AM -0400 | V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2020-10069 | Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-f6vh-7v4x-8fjp Published: May 25, 2021; 1:15:07 PM -0400 | V3.1: 6.5 MEDIUM V2.0: 3.3 LOW |
CVE-2020-10066 | Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1.14.2, >= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr Published: May 25, 2021; 1:15:07 PM -0400 | V3.1: 5.7 MEDIUM V2.0: 3.3 LOW |
CVE-2020-10065 | Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c Published: May 25, 2021; 1:15:07 PM -0400 | V3.1: 8.8 HIGH V2.0: 5.8 MEDIUM |
CVE-2020-26560 | Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey. Published: May 24, 2021; 2:15:07 PM -0400 | V3.1: 8.1 HIGH V2.0: 4.8 MEDIUM |
CVE-2020-26559 | Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue. Published: May 24, 2021; 2:15:07 PM -0400 | V3.1: 8.8 HIGH V2.0: 5.8 MEDIUM |
CVE-2020-26558 | Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. Published: May 24, 2021; 2:15:07 PM -0400 | V3.1: 4.2 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-26557 | Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time). Published: May 24, 2021; 2:15:07 PM -0400 | V3.1: 7.5 HIGH V2.0: 2.9 LOW |
CVE-2020-26556 | Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment. Published: May 24, 2021; 2:15:07 PM -0400 | V3.1: 7.5 HIGH V2.0: 2.9 LOW |
CVE-2020-26555 | Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. Published: May 24, 2021; 2:15:07 PM -0400 | V3.1: 5.4 MEDIUM V2.0: 4.8 MEDIUM |
CVE-2021-31182 | Microsoft Bluetooth Driver Spoofing Vulnerability Published: May 11, 2021; 3:15:09 PM -0400 | V3.1: 7.1 HIGH V2.0: 4.8 MEDIUM |
CVE-2021-0433 | In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android-9 Android-10 Android-11 Android ID: A-171221090 Published: April 13, 2021; 3:15:12 PM -0400 | V3.1: 8.0 HIGH V2.0: 5.4 MEDIUM |
CVE-2021-21367 | Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running (in discoverable mode), Bluetooth service requests and pairing requests are automatically accepted, allowing physically proximate attackers to pair with a device running an affected version of switchboard-plug-bluetooth without the active consent of the user. By default, elementary OS doesn't expose any services via Bluetooth that allow information to be extracted by paired Bluetooth devices. However, if such services (i.e. contact list sharing software) have been installed, it's possible that attackers have been able to extract data from such services without authorization. If no such services have been installed, attackers are only able to pair with a device running an affected version without authorization and then play audio out of the device or possibly present a HID device (keyboard, mouse, etc...) to control the device. As such, users should check the list of trusted/paired devices and remove any that are not 100% confirmed to be genuine. This is fixed in version 2.3.5. To reduce the likelihood of this vulnerability on an unpatched version, only open the Bluetooth plug for short intervals when absolutely necessary and preferably not in crowded public areas. To mitigate the risk entirely with unpatched versions, do not open the Bluetooth plug within switchboard at all, and use a different method for pairing devices if necessary (e.g. `bluetoothctl` CLI). Published: March 12, 2021; 12:15:12 PM -0500 | V3.1: 8.1 HIGH V2.0: 4.3 MEDIUM |
CVE-2021-0336 | In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.1 Android ID: A-158219161 Published: February 10, 2021; 12:15:21 PM -0500 | V3.1: 7.8 HIGH V2.0: 7.2 HIGH |