Bluetooth BR/EDR encryption key negotiation vulnerability

Description

Greetings,

TLP:RED, under embargo until 13 August 2019

This email contains predisclosure information about a vulnerability in the Bluetooth BR/EDR Bluetooth Core specification versions 1.0 through 5.1 that is identified as CVE-2019-9506. The Bluetooth BR/EDR encryption key negotiation protocol is vulnerable to packet injection that could allow an unauthenticated user to decrease the size of the entropy of the encryption key, potentially causing information disclosure and/or escalation of privileges via adjacent access. There is not currently any knowledge of this being exploited.

The Bluetooth Special Interest Group (SIG) is in the process of adjusting the specification to mitigate this issue. They are continuing to work with controller and host vendors to implement patches once the specification is changed, so be aware that patches and additional notifications may be coming from upstream vendors. We strongly recommend that these patches are implemented when they are available. We will communicate more information in regard to this vulnerability as we receive it.

Regards,

Vulnerability Analysis Team
======================================================================
CERT Coordination Center
www.cert.org / cert@cert.org
======================================================================

Environment

None

Assignee

David Brown

Reporter

David Brown

Labels

Authorized viewers

None

CVE

None

Embargo Lift

None

Components

Affects versions

Priority

Medium