CVE-2020-26555: Medium severity Google Android vulnerability

Published Jan 21, 2021
·
Updated

A vulnerability was found in Linux Kernel, where Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack. When an attacker connects to a victim device using the address of the device and the victim initiates a Pairing, the attacker can reflect the encrypted nonce even without knowledge of the key.

Other sources

Bluetooth Core and Mesh Specifications could allow a remote attacker to bypass security restrictions, caused by an impersonation in the BR/EDR PIN Pairing procedure flaw. By spoofing the Bluetooth Device Address (BDADDR) of the device, an attacker could exploit this vulnerability to complete pairing with a known link key, encrypt communications with the vulnerable device, and access any profiles permitted.

IBM

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BDADDR of the peer device to complete pairing without knowledge of the PIN.

Launchpad

Affected Software

67 affected components
Google Android
Bluetooth Bluetooth Core Specification>=1.1b<=5.2
fedoraproject fedora=34
Intel Ax210 Firmware
Intel Ax210
Intel Ax201 Firmware
Intel Ax201
Intel Ax200 Firmware
Intel Ax200
Intel Ac 9560 Firmware
Intel Ac 9560
Intel Ac 9462 Firmware
Intel Ac 9462
Intel Ac 9461 Firmware
Intel Ac 9461
Intel Ac 9260 Firmware
Intel Ac 9260
Intel Ac 8265 Firmware
Intel Ac 8265
Intel Ac 8260 Firmware
Intel Ac 8260
Intel Ac 3168 Firmware
Intel Ac 3168
Intel Ac 7265 Firmware
Intel Ac 7265
Intel Ac 3165 Firmware
Intel Ac 3165
Intel Killer Wi-fi 6e Ax1675 Firmware
intel Killer Wi-fi 6e Ax1675
Intel Killer Wi-fi 6 Ax1650 Firmware
Intel Killer Wi-fi 6 Ax1650
Intel Killer Ac 1550 Firmware
Intel Killer Ac 1550
All of the following
Intel Ax210 Firmware
Intel Ax210
All of the following
Intel Ax201 Firmware
Intel Ax201
All of the following
Intel Ax200 Firmware
Intel Ax200
All of the following
Intel Ac 9560 Firmware
Intel Ac 9560
All of the following
Intel Ac 9462 Firmware
Intel Ac 9462
All of the following
Intel Ac 9461 Firmware
Intel Ac 9461
All of the following
Intel Ac 9260 Firmware
Intel Ac 9260
All of the following
Intel Ac 8265 Firmware
Intel Ac 8265
All of the following
Intel Ac 8260 Firmware
Intel Ac 8260
All of the following
Intel Ac 3168 Firmware
Intel Ac 3168
All of the following
Intel Ac 7265 Firmware
Intel Ac 7265
All of the following
Intel Ac 3165 Firmware
Intel Ac 3165
All of the following
Intel Killer Wi-fi 6e Ax1675 Firmware
intel Killer Wi-fi 6e Ax1675
All of the following
Intel Killer Wi-fi 6 Ax1650 Firmware
Intel Killer Wi-fi 6 Ax1650
All of the following
Intel Killer Ac 1550 Firmware
Intel Killer Ac 1550
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2

Remediation

Patch Available

https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Patch Available

https://git.kernel.org/linus/6d19628f539fccf899298ff02ee4c73e4bf6df3f

Event History

Jan 21, 2021
Data Sourced
via Red Hat·08:01 AM
DescriptionSeverityAffected Software
May 24, 2021
CVE Published
via MITRE·05:41 PM
Data Sourced
via MITRE·05:41 PM
Description
Data Sourced
via NVD·06:15 PM
DescriptionSeverityWeaknessAffected Software
Jan 11, 2024
Data Sourced
via Launchpad·11:47 PM
Description
Data Sourced
via Debian·11:48 PM
DescriptionAffected Software
Apr 28, 2025
Data Sourced
via Ubuntu·03:47 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2020-26555?

CVE-2020-26555 has been assigned a high severity rating due to its potential for impersonation attacks during Bluetooth pairing.

2

How do I fix CVE-2020-26555?

To fix CVE-2020-26555, users should update their affected software or firmware to the latest version provided by their vendors.

3

Which devices are affected by CVE-2020-26555?

CVE-2020-26555 affects various devices including certain versions of Bluetooth Core Specification and specific Intel wireless firmware.

4

What type of attack can CVE-2020-26555 lead to?

CVE-2020-26555 can lead to impersonation attacks during the Bluetooth BR/EDR PIN Pairing procedure.

5

Is there a workaround for CVE-2020-26555?

Currently, the best practice is to promptly apply security updates from manufacturers to mitigate the risk associated with CVE-2020-26555.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203