CVE-2018-5383
Summary
| CVE | CVE-2018-5383 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-08-07 21:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. |
Risk And Classification
Problem Types: CWE-347
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Iphone Os | All | All | All | All |
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Google | Android | 6.0 | All | All | All |
| Operating System | Google | Android | 6.0.1 | All | All | All |
| Operating System | Google | Android | 7.0 | All | All | All |
| Operating System | Google | Android | 7.1.1 | All | All | All |
| Operating System | Google | Android | 7.1.2 | All | All | All |
| Operating System | Google | Android | 8.0 | All | All | All |
| Operating System | Google | Android | 8.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Breaking the Bluetooth Pairing – Fixed Coordinate Invalid Curve Attack | MISC | www.cs.technion.ac.il | Mitigation, Third Party Advisory |
| USN-4095-2: Linux kernel (Xenial HWE) vulnerabilities \| Ubuntu security notices \| Ubuntu | UBUNTU | usn.ubuntu.com | |
| USN-4095-1: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu | UBUNTU | usn.ubuntu.com | |
| USN-4118-1: Linux kernel (AWS) vulnerabilities \| Ubuntu security notices \| Ubuntu | UBUNTU | usn.ubuntu.com | |
| USN-4094-1: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu | UBUNTU | usn.ubuntu.com | |
| [SECURITY] [DLA 1747-1] firmware-nonfree security update | MLIST | lists.debian.org | |
| Google Android Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Applications Gain Elevated Privileges and Obtain Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| CERT Vulnerability Notes Database | CERT-VN | www.kb.cert.org | Third Party Advisory, US Government Resource |
| USN-4351-1: Linux firmware vulnerability \| Ubuntu security notices \| Ubuntu | UBUNTU | usn.ubuntu.com | |
| Bluetooth SIG Security Update \| Bluetooth Technology Website | CONFIRM | www.bluetooth.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Lior Neumann and Eli Biham of the Technion Israel Institute of Technology
Legacy QID Mappings
- 377048 Alibaba Cloud Linux Security Update for linux-firmware (ALINUX2-SA-2019:0101)