CVE-2023-24023

2023-11-2800:00:00

ubuntu.com

bluetooth

br/edr

security vulnerability

man-in-the-middle attacks

encryption key discovery

live injection

bluffs

bugzilla

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

8.1 High

AI Score

Confidence

High

JSON

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections
pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain
man-in-the-middle attacks that force a short key length, and might lead to
discovery of the encryption key and live injection, aka BLUFFS.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-224.236UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-177.197UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-105.115UNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu16.04noarchlinux< 4.4.0-253.287UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1167.180UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1123.133UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1060.66UNKNOWN
ubuntu23.10noarchlinux-aws< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-224.236	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-177.197	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-105.115	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-253.287	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1167.180	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1123.133	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1060.66	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< any	UNKNOWN