TLP:RED, under embargo until 13 August 2019
This email contains predisclosure information about a vulnerability in the Bluetooth BR/EDR Bluetooth Core specification versions 1.0 through 5.1 that is identified as CVE-2019-9506. The Bluetooth BR/EDR encryption key negotiation protocol is vulnerable to packet injection that could allow an unauthenticated user to decrease the size of the entropy of the encryption key, potentially causing information disclosure and/or escalation of privileges via adjacent access. There is not currently any knowledge of this being exploited.
The Bluetooth Special Interest Group (SIG) is in the process of adjusting the specification to mitigate this issue. They are continuing to work with controller and host vendors to implement patches once the specification is changed, so be aware that patches and additional notifications may be coming from upstream vendors. We strongly recommend that these patches are implemented when they are available. We will communicate more information in regards to this vulnerability as we receive it.
Vulnerability Analysis Team
CERT Coordination Center
www.cert.org / firstname.lastname@example.org