CVE-2018-5383: Input Validation
First published: Fri Jun 01 2018(Updated: )
A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service. External References: <a href="https://www.kb.cert.org/vuls/id/304725">https://www.kb.cert.org/vuls/id/304725</a> <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html</a> <a href="https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update">https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update</a>
Credit: Lior Neumann Eli Biham Lior Neumann Eli Biham Lior Neumann Eli Biham Lior Neumann Eli Biham Lior Neumann Eli Biham cret@cert.org cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS High Sierra | <10.13.5 | 10.13.5 |
| Apple Sierra | ||
| Apple El Capitan | ||
| ubuntu/linux-gke-5.4 | <4.19~ | 4.19~ |
| ubuntu/linux-hwe-5.8 | <4.19~ | 4.19~ |
| ubuntu/linux-gkeop-5.4 | <4.19~ | 4.19~ |
| ubuntu/linux-gke | <4.19~ | 4.19~ |
| ubuntu/linux-dell300x | <4.19~ | 4.19~ |
| ubuntu/linux-gkeop | <4.19~ | 4.19~ |
| ubuntu/linux-oem-5.10 | <4.19~ | 4.19~ |
| ubuntu/linux-aws-hwe | <4.19~ | 4.19~ |
| ubuntu/linux-aws-hwe | <4.15.0-1047.49~16.04.1 | 4.15.0-1047.49~16.04.1 |
| ubuntu/linux-aws-5.0 | <4.19~ | 4.19~ |
| ubuntu/linux | <4.15.0-58.64 | 4.15.0-58.64 |
| ubuntu/linux | <4.19~ | 4.19~ |
| ubuntu/linux | <4.4.0-159.187 | 4.4.0-159.187 |
| ubuntu/linux-aws | <4.15.0-1047.49 | 4.15.0-1047.49 |
| ubuntu/linux-aws | <4.4.0-1054.58 | 4.4.0-1054.58 |
| ubuntu/linux-aws | <4.19~ | 4.19~ |
| ubuntu/linux-aws | <4.4.0-1090.101 | 4.4.0-1090.101 |
| ubuntu/linux-aws-5.3 | <4.19~ | 4.19~ |
| ubuntu/linux-aws-5.4 | <4.19~ | 4.19~ |
| ubuntu/linux-azure | <5.0.0-1014.14~18.04.1 | 5.0.0-1014.14~18.04.1 |
| ubuntu/linux-azure | <4.19~ | 4.19~ |
| ubuntu/linux-azure | <4.15.0-1055.60 | 4.15.0-1055.60 |
| ubuntu/linux-azure-4.15 | <4.19~ | 4.19~ |
| ubuntu/linux-azure-5.3 | <4.19~ | 4.19~ |
| ubuntu/linux-azure-5.4 | <4.19~ | 4.19~ |
| ubuntu/linux-azure-edge | <5.0.0-1014.14~18.04.1 | 5.0.0-1014.14~18.04.1 |
| ubuntu/linux-azure-edge | <4.19~ | 4.19~ |
| ubuntu/linux-euclid | <4.19~ | 4.19~ |
| ubuntu/linux-firmware | <1.173.18 | 1.173.18 |
| ubuntu/linux-firmware | <4.19~ | 4.19~ |
| ubuntu/linux-firmware | <1.157.23 | 1.157.23 |
| ubuntu/linux-flo | <4.19~ | 4.19~ |
| ubuntu/linux-gcp | <4.15.0-1040.42 | 4.15.0-1040.42 |
| ubuntu/linux-gcp | <4.19~ | 4.19~ |
| ubuntu/linux-gcp | <4.15.0-1040.42~16.04.1 | 4.15.0-1040.42~16.04.1 |
| ubuntu/linux-gcp-4.15 | <4.19~ | 4.19~ |
| ubuntu/linux-gcp-5.3 | <4.19~ | 4.19~ |
| ubuntu/linux-gcp-edge | <4.15.0-1040.42 | 4.15.0-1040.42 |
| ubuntu/linux-gcp-edge | <4.19~ | 4.19~ |
| ubuntu/linux-gke-4.15 | <4.15.0-1040.42 | 4.15.0-1040.42 |
| ubuntu/linux-gke-4.15 | <4.19~ | 4.19~ |
| ubuntu/linux-gke-5.0 | <4.19~ | 4.19~ |
| ubuntu/linux-gke-5.3 | <4.19~ | 4.19~ |
| ubuntu/linux-goldfish | <4.19~ | 4.19~ |
| ubuntu/linux-grouper | <4.19~ | 4.19~ |
| ubuntu/linux-hwe | <5.0.0-23.24~18.04.1 | 5.0.0-23.24~18.04.1 |
| ubuntu/linux-hwe | <4.19~ | 4.19~ |
| ubuntu/linux-hwe | <4.15.0-58.64~16.04.1 | 4.15.0-58.64~16.04.1 |
| ubuntu/linux-hwe-5.4 | <4.19~ | 4.19~ |
| ubuntu/linux-hwe-edge | <4.19~ | 4.19~ |
| ubuntu/linux-hwe-edge | <4.15.0-58.64~16.04.1 | 4.15.0-58.64~16.04.1 |
| ubuntu/linux-kvm | <4.15.0-1042.42 | 4.15.0-1042.42 |
| ubuntu/linux-kvm | <4.19~ | 4.19~ |
| ubuntu/linux-kvm | <4.4.0-1054.61 | 4.4.0-1054.61 |
| ubuntu/linux-lts-trusty | <4.19~ | 4.19~ |
| ubuntu/linux-lts-utopic | <4.19~ | 4.19~ |
| ubuntu/linux-lts-vivid | <4.19~ | 4.19~ |
| ubuntu/linux-lts-wily | <4.19~ | 4.19~ |
| ubuntu/linux-lts-xenial | <4.4.0-164.192~14.04.1 | 4.4.0-164.192~14.04.1 |
| ubuntu/linux-lts-xenial | <4.19~ | 4.19~ |
| ubuntu/linux-maguro | <4.19~ | 4.19~ |
| ubuntu/linux-mako | <4.19~ | 4.19~ |
| ubuntu/linux-manta | <4.19~ | 4.19~ |
| ubuntu/linux-oem | <4.15.0-1050.57 | 4.15.0-1050.57 |
| ubuntu/linux-oem | <4.15.0-1050.57 | 4.15.0-1050.57 |
| ubuntu/linux-oem | <4.15.0-1050.57 | 4.15.0-1050.57 |
| ubuntu/linux-oem | <4.19~ | 4.19~ |
| ubuntu/linux-oem-5.6 | <4.19~ | 4.19~ |
| ubuntu/linux-oem-osp1 | <4.19~ | 4.19~ |
| ubuntu/linux-oracle | <4.15.0-1021.23 | 4.15.0-1021.23 |
| ubuntu/linux-oracle | <5.0.0-1004.8 | 5.0.0-1004.8 |
| ubuntu/linux-oracle | <4.19~ | 4.19~ |
| ubuntu/linux-oracle | <4.15.0-1021.23~16.04.1 | 4.15.0-1021.23~16.04.1 |
| ubuntu/linux-oracle-5.0 | <4.19~ | 4.19~ |
| ubuntu/linux-oracle-5.3 | <4.19~ | 4.19~ |
| ubuntu/linux-raspi | <4.19~ | 4.19~ |
| ubuntu/linux-raspi-5.4 | <4.19~ | 4.19~ |
| ubuntu/linux-raspi2 | <4.15.0-1043.46 | 4.15.0-1043.46 |
| ubuntu/linux-raspi2 | <4.19~ | 4.19~ |
| ubuntu/linux-raspi2 | <4.4.0-1118.127 | 4.4.0-1118.127 |
| ubuntu/linux-raspi2-5.3 | <4.19~ | 4.19~ |
| ubuntu/linux-riscv | <4.19~ | 4.19~ |
| ubuntu/linux-snapdragon | <4.15.0-1060.66 | 4.15.0-1060.66 |
| ubuntu/linux-snapdragon | <4.19~ | 4.19~ |
| ubuntu/linux-snapdragon | <4.4.0-1122.128 | 4.4.0-1122.128 |
| Google Android | =6.0 | |
| Google Android | =6.0.1 | |
| Google Android | =7.0 | |
| Google Android | =7.1.1 | |
| Google Android | =7.1.2 | |
| Google Android | =8.0 | |
| Google Android | =8.1 | |
| Apple iPhone OS | <11.4 | |
| Apple Mac OS X | <10.13 | |
| Apple iOS | <12 | 12 |
| Apple tvOS | <12 | 12 |
| Apple macOS Mojave | <10.14 | 10.14 |
| debian/firmware-nonfree | 20190114-2 20190114+really20220913-0+deb10u2 20210315-3 20230210-5 20230625-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cs.technion.ac.il/~biham/BT/
- https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update
- https://www.kb.cert.org/vuls/id/304725
- http://www.securityfocus.com/bid/104879
- http://www.securitytracker.com/id/1041432
- https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:2169
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4095-1/
- https://usn.ubuntu.com/4095-2/
- https://usn.ubuntu.com/4118-1/
- https://usn.ubuntu.com/4351-1/
- https://launchpad.net/bugs/cve/CVE-2018-5383
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1615683
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1615706
- https://access.redhat.com/security/cve/cve-2018-5383
- https://bugzilla.redhat.com/show_bug.cgi?id=1614159
- https://support.apple.com/en-us/HT209139 (Advisory)
- https://support.apple.com/en-us/HT208937 (Advisory)
- https://support.apple.com/en-us/HT208849 (Advisory)
- https://support.apple.com/en-us/HT209107 (Advisory)
- https://support.apple.com/en-us/HT209106 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2018-5383
- https://android.googlesource.com/platform/system/bt/+/fa3d7e1f784d3bdbf8f9d8b572a60696289211b1
- https://source.android.com/docs/security/bulletin/2018-06-01 (Advisory)
- https://ubuntu.com/security/notices/USN-4094-1
- https://ubuntu.com/security/notices/USN-4095-1
- https://ubuntu.com/security/notices/USN-4095-2
- https://ubuntu.com/security/notices/USN-4118-1
- https://ubuntu.com/security/notices/USN-4351-1
- https://www.cve.org/CVERecord?id=CVE-2018-5383
- https://nvd.nist.gov/vuln/detail/CVE-2018-5383
- https://git.kernel.org/linus/05ddb47a91fa591ed25ad877783a58ae44cc8212
- https://git.kernel.org/linus/ea169a30a6bf6782a05a51d2b9cf73db151eab8b
- https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=e94352cf328ae718e47e3899ebd050465755db04
- https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=897330f38d2db8986fc8965709b1852ba76896a7
- https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c84bd6688f6e5863dd57cb1ed0512e732d436cb2
- https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=70353356f8a01b6593ea94fd6ed6e9593fd0da1f
- https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=629a5e089e300ba153c1358cca2193a7671c2f80
- https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=112d300c26dfbb9cebbf63781214c007fc203611
- https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=3f8243c8c0363fb5752a1b0e9aaafccb3abc3159
- https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=6be4747ea1d731f661c5320acf3f1273a459d6da
- https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=9489f5524917a42637c3b46d904fff80818a0766
- https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=534daf431c88b24236d23572039cdd79223b246a
- https://salsa.debian.org/kernel-team/firmware-nonfree/-/commit/e062fd25f11b8cb582d8e1069f83eb54b72410ab
- https://salsa.debian.org/kernel-team/firmware-nonfree/-/commit/58677900ea574a55cadc0cacb956ebe092ee5ea4
- https://ubuntu.com/security/CVE-2018-5383
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-5383
- CVE-2018-4295
- CVE-2018-4324
- CVE-2018-4417
- CVE-2018-4353
- CVE-2017-12613
- CVE-2017-12618
- CVE-2018-4411
- CVE-2018-4308
- CVE-2018-4321
- CVE-2018-4126
- CVE-2018-4412
- CVE-2018-4414
- CVE-2018-4347
- CVE-2018-4333
- CVE-2018-4153
- CVE-2018-4406
- CVE-2018-4346
- CVE-2018-4296
- CVE-2018-4433
- CVE-2019-8643
- CVE-2017-5731
- CVE-2017-5732
- CVE-2017-5733
- CVE-2017-5734
- CVE-2017-5735
- CVE-2018-4426
- CVE-2018-4331
- CVE-2018-4332
- CVE-2018-4343
- CVE-2018-3646
- CVE-2018-4355
- CVE-2018-4396
- CVE-2018-4418
- CVE-2018-4351
- CVE-2018-4350
- CVE-2018-4334
- CVE-2018-4451
- CVE-2018-4456
- CVE-2018-4408
- CVE-2018-4341
- CVE-2018-4354
- CVE-2018-4383
- CVE-2018-4401
- CVE-2018-4399
- CVE-2018-4407
- CVE-2018-4336
- CVE-2018-4337
- CVE-2018-4340
- CVE-2018-4344
- CVE-2018-4425
- CVE-2015-3194
- CVE-2015-5333
- CVE-2015-5334
- CVE-2016-0702
- CVE-2018-4348
- CVE-2018-4326
- CVE-2018-4310
- CVE-2018-3639
- CVE-2018-4395
- CVE-2016-1777
- CVE-2018-4393
- CVE-2018-4203
- CVE-2018-4304
- CVE-2018-4338
- CVE-2018-4470
- CVE-2018-4289
- CVE-2018-4268
- CVE-2018-4285
- CVE-2018-4293
- CVE-2018-4269
- CVE-2018-4276
- CVE-2018-4178
- CVE-2018-4283
- CVE-2018-3665
- CVE-2018-4259
- CVE-2018-4286
- CVE-2018-4287
- CVE-2018-4288
- CVE-2018-4291
- CVE-2018-4280
- CVE-2018-4248
- CVE-2018-4277
- CVE-2018-6797
- CVE-2018-6913
- CVE-2017-0898
- CVE-2017-10784
- CVE-2017-14033
- CVE-2017-14064
- CVE-2017-17405
- CVE-2017-17742
- CVE-2018-6914
- CVE-2018-8777
- CVE-2018-8778
- CVE-2018-8779
- CVE-2018-8780
- CVE-2018-4274
- CVE-2018-4196
- CVE-2018-4253
- CVE-2018-4256
- CVE-2018-4255
- CVE-2018-4254
- CVE-2018-4258
- CVE-2018-4257
- CVE-2018-7584
- CVE-2018-4219
- CVE-2018-4171
- CVE-2018-4194
- CVE-2018-4180
- CVE-2018-4181
- CVE-2018-4182
- CVE-2018-4183
- CVE-2018-4478
- CVE-2018-4251
- CVE-2018-4211
- CVE-2018-4229
- CVE-2018-4159
- CVE-2018-4242
- CVE-2018-4202
- CVE-2018-4217
- CVE-2018-4141
- CVE-2018-4228
- CVE-2018-4236
- CVE-2018-4234
- CVE-2018-4249
- CVE-2018-8897
- CVE-2018-4241
- CVE-2018-4243
- CVE-2018-4237
- CVE-2018-4404
- CVE-2018-4227
- CVE-2018-4235
- CVE-2018-4240
- CVE-2018-4230
- CVE-2018-4221
- CVE-2018-4223
- CVE-2018-4224
- CVE-2018-4225
- CVE-2018-4226
- CVE-2018-4184
- CVE-2018-4198
- CVE-2018-4193
- CVE-2018-4305
- CVE-2018-4363
- CVE-2018-4313
- CVE-2018-4316
- CVE-2018-4345
- CVE-2018-4191
- CVE-2018-4299
- CVE-2018-4359
- CVE-2018-4323
- CVE-2018-4358
- CVE-2018-4328
- CVE-2018-4197
- CVE-2018-4318
- CVE-2018-4306
- CVE-2018-4312
- CVE-2018-4314
- CVE-2018-4315
- CVE-2018-4317
- CVE-2018-4309
- CVE-2018-4361
- CVE-2018-4474
- CVE-2018-4360
- CVE-2018-4322
- CVE-2018-4356
- CVE-2018-4335
- CVE-2018-4352
- CVE-2018-4329
- CVE-2018-4307
- CVE-2018-4362
- CVE-2018-4325
- CVE-2018-4311
- CVE-2018-4319
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-5383
- agent/author
- agent/softwarecombine
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/description
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/event
- collector/android-source
- source/Android
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- vendor/apple
- canonical/apple macos mojave
- canonical/apple macos high sierra
- canonical/apple sierra
- canonical/apple el capitan
- canonical/apple tvos
- canonical/apple ios
- vendor/google
- canonical/google android
- version/google android/6.0
- version/google android/6.0.1
- version/google android/7.0
- version/google android/7.1.1
- version/google android/7.1.2
- version/google android/8.0
- version/google android/8.1
- canonical/apple iphone os
- canonical/apple mac os x
- package-manager/debian
- package-manager/ubuntu