Main Vulnerability Database SB2019102421

SB2019102421 - Red Hat update for kernel

Published: October 24, 2019

Security Bulletin ID SB2019102421

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Cryptographic issues (CVE-ID: CVE-2019-9506)

CWE-ID: CWE-310 - Cryptographic Issues

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to a weakness in Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) protocol core specification that allows an attacker with close proximity to the affected system to perform a man-in-the-middle attack on an encrypted Bluetooth connection.

Successful exploitation of the vulnerability may allow an attacker to gain access to sensitive information or perform unauthorized actions.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2019:3187