REDHAT-BUG-2254961: Medium severity Bluetooth Core Specification vulnerability
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
Reference: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/
Frequently Asked Questions
What is the severity of REDHAT-BUG-2254961?
The severity of REDHAT-BUG-2254961 is considered high due to the potential for man-in-the-middle attacks.
How do I fix REDHAT-BUG-2254961?
Fixing REDHAT-BUG-2254961 involves updating to a newer version of the Bluetooth Core Specification that addresses the vulnerability.
What are the implications of REDHAT-BUG-2254961?
The implications of REDHAT-BUG-2254961 include the possibility of key discovery and unauthorized data injection in Bluetooth communications.
Who is affected by REDHAT-BUG-2254961?
Consumers and developers using Bluetooth Core Specification versions 4.2 through 5.4 are affected by REDHAT-BUG-2254961.
What types of attacks are enabled by REDHAT-BUG-2254961?
REDHAT-BUG-2254961 enables man-in-the-middle attacks that can exploit Secure Simple Pairing and Secure Connections.