CVE-2018-5383

Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange

Severity Score

6.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versiones High Sierra e iOS anteriores a la 11.4 y versiones de Android anteriores al parche del 05/06/2018, podrían no validar lo suficiente parámetros de curva elíptica empleados para generar claves públicas durante un intercambio de claves Diffie-Hellman, lo que podría permitir que un atacante remoto obtenga la clave de cifrado empleada por el dispositivo.

A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service.

Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

*Credits: Lior Neumann and Eli Biham of the Techion Israel Institute of Technology

CVSS Scores

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Adjacent

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-01-12 CVE Reserved
2018-07-23 CVE Published
2024-09-16 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-325: Missing Cryptographic Step
CWE-347: Improper Verification of Cryptographic Signature

CAPEC

References (14)

URL	Tag	Source
http://www.cs.technion.ac.il/~biham/BT	Mitigation
http://www.securityfocus.com/bid/104879	Third Party Advisory
http://www.securitytracker.com/id/1041432	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html	Mailing List
https://www.kb.cert.org/vuls/id/304725	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2019:2169	2019-10-03
https://usn.ubuntu.com/4094-1	2019-10-03
https://usn.ubuntu.com/4095-1	2019-10-03
https://usn.ubuntu.com/4095-2	2019-10-03
https://usn.ubuntu.com/4118-1	2019-10-03
https://usn.ubuntu.com/4351-1	2019-10-03
https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update	2019-10-03
https://access.redhat.com/security/cve/CVE-2018-5383	2019-08-06
https://bugzilla.redhat.com/show_bug.cgi?id=1614159	2019-08-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				6.0 Search vendor "Google" for product "Android" and version "6.0"		-		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				6.0.1 Search vendor "Google" for product "Android" and version "6.0.1"		-		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				7.0 Search vendor "Google" for product "Android" and version "7.0"		-		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				7.1.1 Search vendor "Google" for product "Android" and version "7.1.1"		-		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				7.1.2 Search vendor "Google" for product "Android" and version "7.1.2"		-		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				8.0 Search vendor "Google" for product "Android" and version "8.0"		-		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				8.1 Search vendor "Google" for product "Android" and version "8.1"		-		Affected
Apple Search vendor "Apple"		Iphone Os Search vendor "Apple" for product "Iphone Os"				< 11.4 Search vendor "Apple" for product "Iphone Os" and version " < 11.4"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				< 10.13 Search vendor "Apple" for product "Mac Os X" and version " < 10.13"		-		Affected