CVE-2020-26555
kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack
Public Exploits: 0
Exploited in Wild: -
Descriptions
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
A vulnerability was found in the Linux kernel, where the Bluetooth BR/EDR PIN pairing procedure is vulnerable to an impersonation attack. When an attacker connects to a victim device using the address of the device and the victim initiates a pairing, the attacker can reflect the encrypted nonce even without knowledge of the key.
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. It was discovered that the aufs file system in the Linux kernel did not properly restrict mount namespaces, when mounted with the non-default allow_userns option set. A local attacker could use this to gain administrative privileges.
SSVC
- Decision: -
Timeline
- 2020-10-04 CVE Reserved
- 2021-05-24 CVE Published
- 2024-08-04 CVE Updated
- 2025-04-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-863: Incorrect Authorization
References (6)
URL | Tag | Source |
---|---|---|
https://kb.cert.org/vuls/id/799380 | Third Party Advisory | |
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html | Third Party Advisory | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Intel | Ax210 Firmware | - | - | Affected | in | Intel | Ax210 | - | - | Safe |
Intel | Ax201 Firmware | - | - | Affected | in | Intel | Ax201 | - | - | Safe |
Intel | Ax200 Firmware | - | - | Affected | in | Intel | Ax200 | - | - | Safe |
Intel | Ac 9560 Firmware | - | - | Affected | in | Intel | Ac 9560 | - | - | Safe |
Intel | Ac 9462 Firmware | - | - | Affected | in | Intel | Ac 9462 | - | - | Safe |
Intel | Ac 9461 Firmware | - | - | Affected | in | Intel | Ac 9461 | - | - | Safe |
Intel | Ac 9260 Firmware | - | - | Affected | in | Intel | Ac 9260 | - | - | Safe |
Intel | Ac 8265 Firmware | - | - | Affected | in | Intel | Ac 8265 | - | - | Safe |
Intel | Ac 8260 Firmware | - | - | Affected | in | Intel | Ac 8260 | - | - | Safe |
Intel | Ac 3168 Firmware | - | - | Affected | in | Intel | Ac 3168 | - | - | Safe |
Intel | Ac 7265 Firmware | - | - | Affected | in | Intel | Ac 7265 | - | - | Safe |
Intel | Ac 3165 Firmware | - | - | Affected | in | Intel | Ac 3165 | - | - | Safe |
Intel | Killer Wi-fi 6e Ax1675 Firmware | - | - | Affected | in | Intel | Killer Wi-fi 6e Ax1675 | - | - | Safe |
Intel | Killer Wi-fi 6 Ax1650 Firmware | - | - | Affected | in | Intel | Killer Wi-fi 6 Ax1650 | - | - | Safe |
Intel | Killer Ac 1550 Firmware | - | - | Affected | in | Intel | Killer Ac 1550 | - | - | Safe |
Bluetooth | Bluetooth Core Specification | >= 1.1b <= 5.2 | - | Affected | | | | | | |
Fedoraproject | Fedora | 34 | - | Affected | | | | | | |