| Name | CVE-2019-9506 |
| Description | The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more) |
| References | DLA-1919-1, DLA-1930-1, ELA-172-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| linux (PTS) | jessie, jessie (lts) | 3.16.84-1 | fixed |
| stretch (security) | 4.9.320-2 | fixed | |
| stretch (lts), stretch | 4.9.320-3 | fixed | |
| buster | 4.19.249-2 | fixed | |
| buster (security) | 4.19.269-1 | fixed | |
| bullseye | 5.10.158-2 | fixed | |
| bullseye (security) | 5.10.162-1 | fixed | |
| bookworm | 6.1.15-1 | fixed | |
| sid | 6.1.20-1 | fixed | |
| linux-4.9 (PTS) | jessie, jessie (lts) | 4.9.303-1~deb8u3 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| linux | source | wheezy | (unfixed) | end-of-life | ||
| linux | source | jessie | 3.16.74-1 | DLA-1930-1 | ||
| linux | source | stretch | 4.9.185-1 | |||
| linux | source | buster | 4.19.67-1 | |||
| linux | source | (unstable) | 5.2.6-1 | |||
| linux-4.9 | source | jessie | 4.9.189-3~deb8u1 | DLA-1919-1 |
Hardware issue, but mitigation in Linux kernel can be applied:
https://git.kernel.org/linus/d5bb334a8e171b262e48f378bd2096c0ea458265 (5.2-rc1)
https://git.kernel.org/linus/693cd8ce3f882524a5d06f7800dd8492411877b3 (5.2-rc6)
https://git.kernel.org/linus/eca94432934fe5f141d084f2e36ee2c0e614cc04 (5.2)