8 matches found
ASB-A-446114623
In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Zero Motorcycles firmware 安全漏洞
Zero Motorcycles firmware is a control software for electric motorcycles developed by the American company Zero. Versions of Zero Motorcycles firmware prior to version 44 contained security vulnerabilities. These vulnerabilities stemmed from a flaw that allowed attackers to force device pairing v...
Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005583 fixes several issues. The following security issues were fixed: CVE-2024-8805: Bluetooth: hcievent: Align BR/EDR JUSTWORKS paring with LE bsc1240840. CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in applyconstrainttosize bsc1233294...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Apr-2025 Release 1, which stems from mishandling of an exception condition that allows a loc...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Jul-2024 Release 1 prior to version 1, which stems from an improper authentication issue...
kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses
A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live...
USN-6742-2 linux-azure, linux-lowlatency, linux-nvidia vulnerabilities
Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to...
CVE-2019-2225
When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is...