SB2019080717 - Red Hat update for linux-firmware

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019080717

SB2019080717 - Red Hat update for linux-firmware

Published: August 7, 2019 Updated: April 1, 2024

Security Bulletin ID SB2019080717
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Adjecent network
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Man-in-the-middle attack (CVE-ID: CVE-2018-5383)

The vulnerability allows an adjacent attacker to conduct man-in-the-middle attack on the target system.

The weakness exists in the Bluetooth Low Energy (BLE) implementation of Secure Connections mode insufficient validation of elliptic curve parameters that are used to generate public keys during a Diffie-Hellman key exchange when the affected software performs device pairing operations. An adjacent attacker can intercept the public key exchange between the two targeted systems, inject a malicious public key to aid in determining the session key,  access sensitive information or forge and modify messages, which could be used to inject malicious software on the targeted system. 


Remediation

Install update from vendor's website.

References