16 matches found
Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: The BR/EDR JUSTWORKS method has been aligned with LE. This alignment of the BR/EDR JUST WORKS method with LE was implemented since version 92516cd97fd4. „Bluetooth: Always request for user confirmation for Ju...
SUSE CVE-2026-31773
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smprandom currently labels the stored STK as authenticated whenever pendingseclevel is BTSECURITYHIGH. That reflects what the...
CVE-2026-31773
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smprandom currently labels the stored STK as authenticated whenever pendingseclevel is BTSECURITYHIGH. That reflects what the...
CVE-2026-31773 Bluetooth: SMP: derive legacy responder STK authentication from MITM state
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smprandom currently labels the stored STK as authenticated whenever pendingseclevel is BTSECURITYHIGH. That reflects what the...
CVE-2026-31773
The CVE-2026-31773 entry concerns the Linux kernel Bluetooth SMP implementation. The root cause is that the legacy responder path in smp_random() marks the STK as authenticated whenever pending_sec_level is BT_SECURITY_HIGH, which reflects the requested security level rather than the actual pairi...
CVE-2026-31773
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smprandom currently labels the stored STK as authenticated whenever pendingseclevel is BTSECURITYHIGH. That reflects what the...
PT-2026-36408
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smp random currently labels the stored STK as authenticated whenever pending sec level is BT SECURITY HIGH. That reflects wha...
EUVD-2025-18743
Malicious code in bioql PyPI...
CVE-2025-32877
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which therefore allows machine-in-the-middle...
CVE-2025-32877
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which therefore allows machine-in-the-middle...
CVE-2025-32877
CVE-2025-32877 affects COROS PACE 3 devices up to firmware 3.0808.0. The device identifies itself as having no input/output capabilities, leading to the use of the Just Works BLE pairing method with no authentication. This enables a machine-in-the-middle scenario and allows attackers to interact ...
SUSE CVE-2024-53144
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Align BR/EDR JUSTWORKS paring with LE This aligned BR/EDR JUSTWORKS method with LE which since 92516cd97fd4 "Bluetooth: Always request for user confirmation for Just Works" always request user confirmation wi...
CVE-2024-53144
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Align BR/EDR JUSTWORKS paring with LE This aligned BR/EDR JUSTWORKS method with LE which since 92516cd97fd4 "Bluetooth: Always request for user confirmation for Just Works" always request user confirmation wi...
UBUNTU-CVE-2024-53144
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Align BR/EDR JUSTWORKS paring with LE This aligned BR/EDR JUSTWORKS method with LE which since 92516cd97fd4 "Bluetooth: Always request for user confirmation for Just Works" always request user confirmation wi...
CVE-2024-53144 Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Align BR/EDR JUSTWORKS paring with LE This aligned BR/EDR JUSTWORKS method with LE which since 92516cd97fd4 "Bluetooth: Always request for user confirmation for Just Works" always request user confirmation wi...
Stack overflow
TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairin...