CVE-2020-10135: Input Validation
First published: Mon Jul 22 2019(Updated: )
A vulnerability affecting Bluetooth BR/EDR pairing was found in the Bluetooth Core specification versions 1.0 through 5.2. The flaw could allow an attacking device to spoof the address of a previously paired remote device to successfully complete the authentication procedure with some paired/bonded devices while not possessing the link key. This can permit an attacker to initiate the Bluetooth Key Negotiation attack (KNOB) on encryption key strength without intervening in an ongoing pairing procedure through an injection attack.
Credit: Daniele Antonioli SUTDSingapore Dr. Nils Ole Tippenhauer CISPAGermany Pr University of OxfordEngland Daniele Antonioli SUTDSingapore Dr. Nils Ole Tippenhauer CISPAGermany Pr University of OxfordEngland Daniele Antonioli SUTDSingapore Dr. Nils Ole Tippenhauer CISPAGermany Pr University of OxfordEngland Daniele Antonioli SUTDSingapore Dr. Nils Ole Tippenhauer CISPAGermany Pr University of OxfordEngland cret@cert.org cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple watchOS | <5.3 | 5.3 |
| Apple macOS Mojave | <10.14.6 | 10.14.6 |
| Apple High Sierra | ||
| Apple Sierra | ||
| Apple tvOS | <12.4 | 12.4 |
| Apple iOS | <12.4 | 12.4 |
| ubuntu/linux-aws-5.8 | <5.9~ | 5.9~ |
| ubuntu/linux-azure-5.8 | <5.9~ | 5.9~ |
| ubuntu/linux-gcp-5.8 | <5.9~ | 5.9~ |
| ubuntu/linux-oracle-5.8 | <5.9~ | 5.9~ |
| ubuntu/linux-riscv-5.8 | <5.9~ | 5.9~ |
| ubuntu/linux-bluefield | <5.9~ | 5.9~ |
| ubuntu/linux-hwe-5.11 | <5.9~ | 5.9~ |
| ubuntu/linux-gke-5.3 | <5.9~ | 5.9~ |
| ubuntu/linux-oracle | <4.15.0-1062.68 | 4.15.0-1062.68 |
| ubuntu/linux-oracle | <5.9~ | 5.9~ |
| ubuntu/linux-oracle | <5.4.0-1030.32 | 5.4.0-1030.32 |
| ubuntu/linux-oracle | <5.8.0-1011.11 | 5.8.0-1011.11 |
| ubuntu/linux-oracle | <4.15.0-1062.68~16.04.1 | 4.15.0-1062.68~16.04.1 |
| ubuntu/linux-raspi2 | <5.9~ | 5.9~ |
| ubuntu/linux-raspi2 | <4.15.0-1077.82 | 4.15.0-1077.82 |
| ubuntu/linux-raspi2 | <4.4.0-1142.152 | 4.4.0-1142.152 |
| ubuntu/linux-azure-5.13 | <5.9~ | 5.9~ |
| ubuntu/linux-azure-5.11 | <5.9~ | 5.9~ |
| ubuntu/linux-oracle-5.11 | <5.9~ | 5.9~ |
| ubuntu/linux-gke-5.4 | <5.4.0-1030.32~18.04.1 | 5.4.0-1030.32~18.04.1 |
| ubuntu/linux-gke-5.4 | <5.9~ | 5.9~ |
| ubuntu/linux-gkeop-5.4 | <5.4.0-1005.6 | 5.4.0-1005.6 |
| ubuntu/linux-gkeop-5.4 | <5.9~ | 5.9~ |
| ubuntu/linux-aws | <4.15.0-1091.96 | 4.15.0-1091.96 |
| ubuntu/linux-aws | <5.4.0-1030.31 | 5.4.0-1030.31 |
| ubuntu/linux-aws | <5.8.0-1014.15 | 5.8.0-1014.15 |
| ubuntu/linux-aws | <4.4.0-1082.86 | 4.4.0-1082.86 |
| ubuntu/linux-aws | <5.9~ | 5.9~ |
| ubuntu/linux-aws | <4.4.0-1118.132 | 4.4.0-1118.132 |
| ubuntu/linux-azure-4.15 | <4.15.0-1103.114 | 4.15.0-1103.114 |
| ubuntu/linux-azure-4.15 | <5.9~ | 5.9~ |
| ubuntu/linux-hwe-5.8 | <5.8.0-31.33~20.04.1 | 5.8.0-31.33~20.04.1 |
| ubuntu/linux-hwe-5.8 | <5.9~ | 5.9~ |
| ubuntu/linux-dell300x | <4.15.0-1010.14 | 4.15.0-1010.14 |
| ubuntu/linux-dell300x | <5.9~ | 5.9~ |
| ubuntu/linux-gkeop | <5.9~ | 5.9~ |
| ubuntu/linux-azure-5.3 | <5.9~ | 5.9~ |
| ubuntu/linux | <4.15.0-129.132 | 4.15.0-129.132 |
| ubuntu/linux | <5.4.0-56.62 | 5.4.0-56.62 |
| ubuntu/linux | <5.8.0-31.33 | 5.8.0-31.33 |
| ubuntu/linux | <5.9~ | 5.9~ |
| ubuntu/linux | <4.4.0-197.229 | 4.4.0-197.229 |
| ubuntu/linux-hwe | <5.9~ | 5.9~ |
| ubuntu/linux-hwe | <4.15.0-129.132~16.04.1 | 4.15.0-129.132~16.04.1 |
| ubuntu/linux-aws-5.0 | <5.9~ | 5.9~ |
| ubuntu/linux-aws-5.3 | <5.9~ | 5.9~ |
| ubuntu/linux-azure | <4.15.0-1103.114~14.04.1 | 4.15.0-1103.114~14.04.1 |
| ubuntu/linux-azure | <5.4.0-1032.33 | 5.4.0-1032.33 |
| ubuntu/linux-azure | <5.8.0-1013.14 | 5.8.0-1013.14 |
| ubuntu/linux-azure | <5.9~ | 5.9~ |
| ubuntu/linux-azure | <4.15.0-1103.114~16.04.1 | 4.15.0-1103.114~16.04.1 |
| ubuntu/linux-gcp-4.15 | <4.15.0-1091.104 | 4.15.0-1091.104 |
| ubuntu/linux-gcp-4.15 | <5.9~ | 5.9~ |
| ubuntu/linux-hwe-5.4 | <5.4.0-56.62~18.04.1 | 5.4.0-56.62~18.04.1 |
| ubuntu/linux-hwe-5.4 | <5.9~ | 5.9~ |
| ubuntu/linux-aws-5.4 | <5.4.0-1030.31~18.04.1 | 5.4.0-1030.31~18.04.1 |
| ubuntu/linux-aws-5.4 | <5.9~ | 5.9~ |
| ubuntu/linux-azure-5.4 | <5.4.0-1032.33~18.04.1 | 5.4.0-1032.33~18.04.1 |
| ubuntu/linux-gcp-5.4 | <5.4.0-1030.32~18.04.1 | 5.4.0-1030.32~18.04.1 |
| ubuntu/linux-gcp-5.4 | <5.9~ | 5.9~ |
| ubuntu/linux-oracle-5.4 | <5.4.0-1030.32~18.04.1 | 5.4.0-1030.32~18.04.1 |
| ubuntu/linux-gke | <5.9~ | 5.9~ |
| ubuntu/linux-aws-hwe | <5.9~ | 5.9~ |
| ubuntu/linux-aws-hwe | <4.15.0-1091.96~16.04.1 | 4.15.0-1091.96~16.04.1 |
| ubuntu/linux-azure-edge | <5.9~ | 5.9~ |
| ubuntu/linux-gcp | <5.4.0-1030.32 | 5.4.0-1030.32 |
| ubuntu/linux-gcp | <5.8.0-1012.12 | 5.8.0-1012.12 |
| ubuntu/linux-gcp | <5.9~ | 5.9~ |
| ubuntu/linux-gcp | <4.15.0-1091.104~16.04.1 | 4.15.0-1091.104~16.04.1 |
| ubuntu/linux-gcp-edge | <5.9~ | 5.9~ |
| ubuntu/linux-gke-4.15 | <4.15.0-1077.82 | 4.15.0-1077.82 |
| ubuntu/linux-gke-4.15 | <5.9~ | 5.9~ |
| ubuntu/linux-gke-5.0 | <5.9~ | 5.9~ |
| ubuntu/linux-hwe-edge | <5.9~ | 5.9~ |
| ubuntu/linux-oem-5.13 | <5.9~ | 5.9~ |
| ubuntu/linux-riscv-5.11 | <5.9~ | 5.9~ |
| ubuntu/linux-aws-5.11 | <5.9~ | 5.9~ |
| ubuntu/linux-aws-5.13 | <5.9~ | 5.9~ |
| ubuntu/linux-azure-fde | <5.4.0-1032.33 | 5.4.0-1032.33 |
| ubuntu/linux-azure-fde | <5.9~ | 5.9~ |
| ubuntu/linux-fips | <5.9~ | 5.9~ |
| ubuntu/linux-gcp-5.11 | <5.9~ | 5.9~ |
| ubuntu/linux-gcp-5.13 | <5.9~ | 5.9~ |
| ubuntu/linux-hwe-5.13 | <5.9~ | 5.9~ |
| ubuntu/linux-ibm | <5.9~ | 5.9~ |
| ubuntu/linux-ibm-5.4 | <5.9~ | 5.9~ |
| ubuntu/linux-intel-5.13 | <5.9~ | 5.9~ |
| ubuntu/linux-oem-5.6 | <5.6.0-1048.52 | 5.6.0-1048.52 |
| ubuntu/linux-oem-5.6 | <5.9~ | 5.9~ |
| ubuntu/linux-raspi-5.4 | <5.4.0-1023.26~18.04.1 | 5.4.0-1023.26~18.04.1 |
| ubuntu/linux-raspi-5.4 | <5.9~ | 5.9~ |
| ubuntu/linux-snapdragon | <4.4.0-1146.156 | 4.4.0-1146.156 |
| ubuntu/linux-snapdragon | <4.15.0-1094.103 | 4.15.0-1094.103 |
| ubuntu/linux-snapdragon | <5.9~ | 5.9~ |
| ubuntu/linux-kvm | <4.15.0-1082.84 | 4.15.0-1082.84 |
| ubuntu/linux-kvm | <5.4.0-1028.29 | 5.4.0-1028.29 |
| ubuntu/linux-kvm | <5.8.0-1011.12 | 5.8.0-1011.12 |
| ubuntu/linux-kvm | <5.9~ | 5.9~ |
| ubuntu/linux-kvm | <4.4.0-1084.93 | 4.4.0-1084.93 |
| ubuntu/linux-lowlatency | <5.9~ | 5.9~ |
| ubuntu/linux-lts-trusty | <5.9~ | 5.9~ |
| ubuntu/linux-lts-xenial | <4.4.0-197.229~14.04.1 | 4.4.0-197.229~14.04.1 |
| ubuntu/linux-lts-xenial | <5.9~ | 5.9~ |
| ubuntu/linux-oem | <5.9~ | 5.9~ |
| ubuntu/linux-oem-5.10 | <5.9~ | 5.9~ |
| ubuntu/linux-oem-5.17 | <5.9~ | 5.9~ |
| ubuntu/linux-oem-osp1 | <5.9~ | 5.9~ |
| ubuntu/linux-oracle-5.0 | <5.9~ | 5.9~ |
| ubuntu/linux-oracle-5.13 | <5.9~ | 5.9~ |
| ubuntu/linux-raspi | <5.4.0-1023.26 | 5.4.0-1023.26 |
| ubuntu/linux-raspi | <5.8.0-1008.11 | 5.8.0-1008.11 |
| ubuntu/linux-raspi | <5.9~ | 5.9~ |
| ubuntu/linux-raspi2-5.3 | <5.9~ | 5.9~ |
| ubuntu/linux-riscv | <5.4.0-37.42 | 5.4.0-37.42 |
| ubuntu/linux-riscv | <5.8.0-10.12 | 5.8.0-10.12 |
| ubuntu/linux-riscv | <5.9~ | 5.9~ |
| Bluetooth Bluetooth Core | <=5.2 | |
| Bluetooth Bluetooth Core | <=5.2 | |
| openSUSE Leap | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html
- http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html
- http://seclists.org/fulldisclosure/2020/Jun/5
- https://francozappa.github.io/about-bias/
- https://kb.cert.org/vuls/id/647177/
- https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/
- https://launchpad.net/bugs/cve/CVE-2020-10135
- https://security-tracker.debian.org/tracker/CVE-2020-10135
- https://support.apple.com/en-us/HT210353 (Advisory)
- https://support.apple.com/en-us/HT210348 (Advisory)
- https://support.apple.com/en-us/HT210351 (Advisory)
- https://support.apple.com/en-us/HT210346 (Advisory)
- https://access.redhat.com/security/cve/CVE-2019-9506
- https://access.redhat.com/solutions/2682931
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1841538
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=3ca44c16b0dcc764b641ee4ac226909f5c421aa3
- https://bugzilla.redhat.com/show_bug.cgi?id=1832397
- https://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html
- https://bugzilla.suse.com/show_bug.cgi?id=1171988
- https://lore.kernel.org/linux-bluetooth/20200520212015.626026-2-luiz.dentz@gmail.com/T/#m3d2012da00716dc280e9725484e8ff1d640d03b5
- https://lkml.org/lkml/2020/10/15/98
- https://github.com/marcinguy/CVE-2020-10135-BIAS
- https://ubuntu.com/security/notices/USN-4657-1
- https://ubuntu.com/security/notices/USN-4658-1
- https://ubuntu.com/security/notices/USN-4659-1
- https://ubuntu.com/security/notices/USN-4680-1
- https://ubuntu.com/security/notices/USN-4752-1
- https://www.cve.org/CVERecord?id=CVE-2020-10135
- https://nvd.nist.gov/vuln/detail/CVE-2020-10135
- https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
- https://git.kernel.org/linus/3ca44c16b0dcc764b641ee4ac226909f5c421aa3
- https://git.kernel.org/linus/8746f135bb01872ff412d408ea1aa9ebd328c1f5
- https://ubuntu.com/security/CVE-2020-10135
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-9506
- CVE-2020-10135
- CVE-2019-8646
- CVE-2019-8647
- CVE-2019-8660
- CVE-2019-8624
- CVE-2019-8648
- CVE-2018-16860
- CVE-2019-8668
- CVE-2019-8633
- CVE-2019-13118
- CVE-2019-8659
- CVE-2019-8665
- CVE-2019-8662
- CVE-2019-8657
- CVE-2019-8682
- CVE-2019-8658
- CVE-2019-8669
- CVE-2019-8672
- CVE-2019-8676
- CVE-2019-8683
- CVE-2019-8684
- CVE-2019-8685
- CVE-2019-8688
- CVE-2019-8689
- CVE-2019-8693
- CVE-2019-8656
- CVE-2018-19860
- CVE-2019-8661
- CVE-2019-8675
- CVE-2019-8696
- CVE-2019-8539
- CVE-2019-8697
- CVE-2019-8663
- CVE-2019-8702
- CVE-2019-8695
- CVE-2019-8691
- CVE-2019-8692
- CVE-2019-8694
- CVE-2019-8670
- CVE-2019-8701
- CVE-2019-8667
- CVE-2019-8690
- CVE-2019-8649
- CVE-2019-8644
- CVE-2019-8666
- CVE-2019-8671
- CVE-2019-8673
- CVE-2019-8677
- CVE-2019-8678
- CVE-2019-8679
- CVE-2019-8680
- CVE-2019-8681
- CVE-2019-8686
- CVE-2019-8687
- CVE-2019-8698
- CVE-2019-8699
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- collector/apple-support
- alias/CVE-2020-10135
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/remedy
- agent/severity
- agent/author
- agent/weakness
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- vendor/apple
- canonical/apple watchos
- canonical/apple macos mojave
- canonical/apple high sierra
- canonical/apple sierra
- canonical/apple tvos
- canonical/apple ios
- package-manager/ubuntu
- vendor/bluetooth
- canonical/bluetooth bluetooth core
- version/bluetooth bluetooth core/5.2
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1