[ASB-A-174886838] Bluetooth security notice: (VU#799380.8 TLP:AMBER)
Severity
High
Affected Packages
4
Fixed Packages
4
CVEs
1
In smp_process_pairing_public_key of smp_act.cc, there is a possible interception of Bluetooth pairing from an on-path attacker due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
| Package | Affected Version |
|---|---|
 pkg:generic/android#platform/system/bt
|
>= 8.1:0, < 8.1:2021-06-05 |
|
pkg:generic/android#platform/system/bt
|
>= 9:0, < 9:2021-06-05 |
|
pkg:generic/android#platform/system/bt
|
>= 10:0, < 10:2021-06-05 |
|
pkg:generic/android#platform/system/bt
|
>= 11:0, < 11:2021-06-05 |
| Package | Fixed Version |
|---|---|
|
pkg:generic/android#platform/system/bt
|
= 8.1:2021-06-05 |
|
pkg:generic/android#platform/system/bt
|
= 9:2021-06-05 |
|
pkg:generic/android#platform/system/bt
|
= 10:2021-06-05 |
|
pkg:generic/android#platform/system/bt
|
= 11:2021-06-05 |
- ID
- ASB-A-174886838
- Severity
- high
- URL
- https://source.android.com/security/bulletin/2021-06-01
- Published
-
2021-06-01T00:00:00
(3 years ago) - Modified
-
2024-07-31T14:45:19
(7 weeks ago) - Rights
- Android Security Team
- Other Advisories
-
-
ALAS2-2021-1685
-
DSA-4951-1
-
ELSA-2021-4432
-
FEDORA-2021-a35b44fd9f
-
GLSA-202209-16
-
MS:CVE-2020-26558
-
openSUSE-SU-2021:2184-1
-
openSUSE-SU-2021:2202-1
-
openSUSE-SU-2021:2291-1
-
openSUSE-SU-2021:2427-1
-
RHSA-2021:4432
-
SSA:2021-202-01
-
SUSE-SU-2021:2184-1
-
SUSE-SU-2021:2202-1
-
SUSE-SU-2021:2291-1
-
SUSE-SU-2021:2303-1
-
SUSE-SU-2021:2321-1
-
SUSE-SU-2021:2324-1
-
SUSE-SU-2021:2325-1
-
SUSE-SU-2021:2349-1
-
SUSE-SU-2021:2406-1
-
SUSE-SU-2021:2421-1
-
SUSE-SU-2021:2422-1
-
SUSE-SU-2021:2426-1
-
SUSE-SU-2021:2427-1
-
SUSE-SU-2021:2451-1
-
SUSE-SU-2022:3687-1
-
SUSE-SU-2022:3691-1
-
SUSE-SU-2024:2901-1
-
SUSE-SU-2024:2923-1
-
SUSE-SU-2024:2940-1
-
SUSE-SU-2024:2948-1
-
USN-4989-1
-
USN-4989-2
-
USN-5017-1
-
USN-5018-1
-
USN-5046-1
-
USN-5050-1
-
USN-5299-1
-
USN-5343-1
-
VU:799380
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Advisory |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Fixed | pkg:generic/android#platform/system/bt | android | = 8.1:2021-06-05 | ||||
| Affected | pkg:generic/android#platform/system/bt | android | >= 8.1:0 < 8.1:2021-06-05 | ||||
| Fixed | pkg:generic/android#platform/system/bt | android | = 9:2021-06-05 | ||||
| Affected | pkg:generic/android#platform/system/bt | android | >= 9:0 < 9:2021-06-05 | ||||
| Fixed | pkg:generic/android#platform/system/bt | android | = 10:2021-06-05 | ||||
| Affected | pkg:generic/android#platform/system/bt | android | >= 10:0 < 10:2021-06-05 | ||||
| Fixed | pkg:generic/android#platform/system/bt | android | = 11:2021-06-05 | ||||
| Affected | pkg:generic/android#platform/system/bt | android | >= 11:0 < 11:2021-06-05 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |