Main Vulnerability Database SB2019030107

SB2019030107 - OpenSUSE Linux update for kernel-firmware

Published: March 1, 2019 Updated: April 1, 2024

Security Bulletin ID SB2019030107

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Man-in-the-middle attack (CVE-ID: CVE-2018-5383)

The vulnerability allows an adjacent attacker to conduct man-in-the-middle attack on the target system.

The weakness exists in the Bluetooth Low Energy (BLE) implementation of Secure Connections mode insufficient validation of elliptic curve parameters that are used to generate public keys during a Diffie-Hellman key exchange when the affected software performs device pairing operations. An adjacent attacker can intercept the public key exchange between the two targeted systems, inject a malicious public key to aid in determining the session key, access sensitive information or forge and modify messages, which could be used to inject malicious software on the targeted system.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00001.html