[ASB-A-174886838] Bluetooth security notice: (VU#799380.8 TLP:AMBER)
- Severity: High
- Affected Packages: 4
- Fixed Packages: 4
- CVEs: 1
In smp_process_pairing_public_key of smp_act.cc, there is a possible interception of Bluetooth pairing from an on-path attacker due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Package | Affected Version |
---|---|
pkg:generic/android#platform/system/bt | >= 8.1:0, < 8.1:2021-06-05 |
pkg:generic/android#platform/system/bt | >= 9:0, < 9:2021-06-05 |
pkg:generic/android#platform/system/bt | >= 10:0, < 10:2021-06-05 |
pkg:generic/android#platform/system/bt | >= 11:0, < 11:2021-06-05 |

Package | Fixed Version |
---|---|
pkg:generic/android#platform/system/bt | = 8.1:2021-06-05 |
pkg:generic/android#platform/system/bt | = 9:2021-06-05 |
pkg:generic/android#platform/system/bt | = 10:2021-06-05 |
pkg:generic/android#platform/system/bt | = 11:2021-06-05 |

- ID: ASB-A-174886838
- Severity: high
- URL: https://source.android.com/security/bulletin/2021-06-01
- Published: 2021-06-01T00:00:00 (3 years ago)
- Modified: 2024-07-31T14:45:19 (7 weeks ago)
- Rights: Android Security Team
- Other Advisories:
- ALAS2-2021-1685
- DSA-4951-1
- ELSA-2021-4432
- FEDORA-2021-a35b44fd9f
- GLSA-202209-16
- MS:CVE-2020-26558
- openSUSE-SU-2021:2184-1
- openSUSE-SU-2021:2202-1
- openSUSE-SU-2021:2291-1
- openSUSE-SU-2021:2427-1
- RHSA-2021:4432
- SSA:2021-202-01
- SUSE-SU-2021:2184-1
- SUSE-SU-2021:2202-1
- SUSE-SU-2021:2291-1
- SUSE-SU-2021:2303-1
- SUSE-SU-2021:2321-1
- SUSE-SU-2021:2324-1
- SUSE-SU-2021:2325-1
- SUSE-SU-2021:2349-1
- SUSE-SU-2021:2406-1
- SUSE-SU-2021:2421-1
- SUSE-SU-2021:2422-1
- SUSE-SU-2021:2426-1
- SUSE-SU-2021:2427-1
- SUSE-SU-2021:2451-1
- SUSE-SU-2022:3687-1
- SUSE-SU-2022:3691-1
- SUSE-SU-2024:2901-1
- SUSE-SU-2024:2923-1
- SUSE-SU-2024:2940-1
- SUSE-SU-2024:2948-1
- USN-4989-1
- USN-4989-2
- USN-5017-1
- USN-5018-1
- USN-5046-1
- USN-5050-1
- USN-5299-1
- USN-5343-1
- VU:799380

Source | # ID | Name | URL |
---|---|---|---|
Advisory | | | https://source.android.com/security/bulletin/2021-06-01 |

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:generic/android#platform/system/bt | | android | = 8.1:2021-06-05 | | | |
Affected | pkg:generic/android#platform/system/bt | | android | >= 8.1:0 < 8.1:2021-06-05 | | | |
Fixed | pkg:generic/android#platform/system/bt | | android | = 9:2021-06-05 | | | |
Affected | pkg:generic/android#platform/system/bt | | android | >= 9:0 < 9:2021-06-05 | | | |
Fixed | pkg:generic/android#platform/system/bt | | android | = 10:2021-06-05 | | | |
Affected | pkg:generic/android#platform/system/bt | | android | >= 10:0 < 10:2021-06-05 | | | |
Fixed | pkg:generic/android#platform/system/bt | | android | = 11:2021-06-05 | | | |
Affected | pkg:generic/android#platform/system/bt | | android | >= 11:0 < 11:2021-06-05 | | | |

# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Publication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|