CVE-2019-9506
Published: 13 August 2019
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
From the Ubuntu security team
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information.
Priority
Medium
CVSS 3 base score: 8.1
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-9.12)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-60.67)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.4.0-159.187)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needs-triage ESM criteria)
|
|
|
Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by d5bb334a8e171b262e48f378bd2096c0ea458265 Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by 693cd8ce3f882524a5d06f7800dd8492411877b3 Introduced by 693cd8ce3f882524a5d06f7800dd8492411877b3 Fixed by eca94432934fe5f141d084f2e36ee2c0e614cc04 |
||
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-31.33~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.15.0-60.67~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was pending \[5.3.0-19.20~18.04.2\] now end-of-life)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.15.0-60.67~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needs-triage ESM criteria)
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1056.65)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(was needs-triage now end-of-life)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(CONFIG_BT not set)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(CONFIG_BT not set)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(CONFIG_BT not set)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1005.5)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1047.49)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.4.0-1090.101)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needs-triage ESM criteria)
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.15.0-1047.49~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(CONFIG_BT not set)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(CONFIG_BT not set)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(CONFIG_BT not set)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needs-triage ESM criteria)
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(CONFIG_BT not set)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(CONFIG_BT not set)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1005.5)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1042.45)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.15.0-1041.43)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1042.45)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1041.43)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1020.20~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1005.5)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1022.25)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.15.0-1022.25~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1004.4)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1044.47)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.4.0-1118.127)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1062.69)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.4.0-1122.128)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1024.27)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.0.0-1021.24~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1007.8~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1008.9~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.0.0-1007.12~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1017.19~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1002.4)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
Notes
| Author | Note |
|---|---|
| sbeattie | CERT VU#918987 |
| mdeslaur | Mitigation for this issue was added to the kernel |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9506
- https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli
- https://knobattack.com/
- https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/
- https://ubuntu.com/security/notices/USN-4115-1
- https://ubuntu.com/security/notices/USN-4118-1
- https://ubuntu.com/security/notices/USN-4147-1
- NVD
- Launchpad
- Debian