Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.8
CVSSv2

CVE-2019-9506

Published: 14/08/2019 Updated: 04/11/2021
CVSS v2 Base Score: 4.8 | Impact Score: 4.9 | Exploitability Score: 6.5
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 429
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N
Subscribe to Android

Vulnerability Summary

It exists that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google android -

apple mac os x 10.12.6

apple mac os x 10.14.5

apple watchos 5.3

apple iphone os 12.4

apple mac os x 10.13.6

apple tvos 12.4

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

debian debian linux 8.0

opensuse leap 15.0

opensuse leap 15.1

redhat mrg realtime 2.0

redhat virtualization host eus 4.2

redhat enterprise linux 8.0

redhat enterprise linux aus 7.5

redhat enterprise linux eus 7.6

redhat enterprise linux eus 7.7

redhat enterprise linux eus 8.1

redhat enterprise linux eus 8.2

redhat enterprise linux eus 8.4

redhat enterprise linux for real time 7

redhat enterprise linux for real time 8

redhat enterprise linux for real time eus 8.2

redhat enterprise linux for real time eus 8.4

redhat enterprise linux for real time for nfv 7

redhat enterprise linux for real time for nfv 8

redhat enterprise linux for real time for nfv eus 8.2

redhat enterprise linux for real time for nfv eus 8.4

redhat enterprise linux server 7.0

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux server aus 7.6

redhat enterprise linux server aus 7.7

redhat enterprise linux server aus 8.2

redhat enterprise linux server aus 8.4

redhat enterprise linux server tus 7.3

redhat enterprise linux server tus 7.4

redhat enterprise linux server tus 7.6

redhat enterprise linux server tus 7.7

redhat enterprise linux server tus 8.2

redhat enterprise linux server tus 8.4

redhat enterprise linux tus 7.6

huawei alp-al00b_firmware

huawei ares-al00b_firmware

huawei ares-al10d_firmware

huawei ares-tl00c_firmware

huawei asoka-al00ax_firmware

huawei atomu-l33_firmware

huawei atomu-l41_firmware

huawei atomu-l42_firmware

huawei bla-al00b_firmware

huawei bla-l29c_firmware

huawei bla-tl00b_firmware

huawei barca-al00_firmware

huawei berkeley-al20_firmware

huawei berkeley-l09_firmware

huawei berkeley-tl10_firmware

huawei cairogo-l22_firmware

huawei charlotte-l29c_firmware

huawei columbia-al10b_firmware

huawei columbia-al10i_firmware

huawei columbia-l29d_firmware

huawei columbia-tl00d_firmware

huawei cornell-al00a_firmware

huawei cornell-al00i_firmware

huawei cornell-al00ind_firmware

huawei cornell-al10ind_firmware

huawei cornell-l29a_firmware

huawei cornell-tl10b_firmware

huawei dubai-al00a_firmware

huawei dura-al00a_firmware

huawei dura-tl00a_firmware

huawei emily-l29c_firmware 8.1.0.156\\(c605\\)

huawei ever-l29b_firmware

huawei figo-l23_firmware

huawei figo-l31_firmware 8.0.0.122d\\(c652\\)

huawei figo-tl10b_firmware

huawei florida-al20b_firmware

huawei florida-l21_firmware

huawei florida-l22_firmware

huawei florida-l23_firmware

huawei florida-tl10b_firmware

huawei honor_20_firmware

huawei honor_20_pro_firmware

huawei mate_20_firmware -

huawei mate_20_pro_firmware -

huawei mate_20_x_firmware -

huawei p_smart_firmware -

huawei p_smart_2019_firmware -

huawei p20_firmware -

huawei p20_pro_firmware -

huawei p30_firmware -

huawei p30_pro_firmware -

huawei y5_2018_firmware -

huawei y5_lite_firmware -

huawei y6_2019_firmware -

huawei y6_prime_2018_firmware -

huawei y6_pro_2019_firmware -

huawei y7_2019_firmware -

huawei y9_2019_firmware -

huawei nova_3_firmware -

huawei nova_4_firmware -

huawei nova_5_firmware -

huawei nova_5i_pro_firmware -

huawei nova_lite_3_firmware -

huawei harry-al00c_firmware -

huawei harry-al10b_firmware -

huawei harry-tl00c_firmware -

huawei hima-l29c_firmware -

huawei honor_10_lite_firmware -

huawei honor_8a_firmware -

huawei honor_8x_firmware -

huawei honor_view_10_firmware -

huawei honor_view_20_firmware -

huawei jakarta-al00a_firmware -

huawei johnson-tl00d_firmware -

huawei johnson-tl00f_firmware -

huawei katyusha-al00a_firmware -

huawei laya-al00ep_firmware -

huawei leland-l21a_firmware -

huawei leland-l31a_firmware -

huawei leland-l32a_firmware -

huawei leland-l32c_firmware -

huawei leland-l42a_firmware -

huawei leland-l42c_firmware -

huawei leland-tl10b_firmware -

huawei leland-tl10c_firmware -

huawei lelandp-al00c_firmware -

huawei lelandp-al10b_firmware -

huawei lelandp-al10d_firmware -

huawei lelandp-l22a_firmware -

huawei lelandp-l22c_firmware -

huawei lelandp-l22d_firmware -

huawei london-al40ind_firmware -

huawei madrid-al00a_firmware -

huawei madrid-tl00a_firmware -

huawei neo-al00d_firmware -

huawei paris-al00ic_firmware -

huawei paris-l21b_firmware -

huawei paris-l21meb_firmware -

huawei paris-l29b_firmware -

huawei potter-al00c_firmware -

huawei potter-al10a_firmware -

huawei princeton-al10b_firmware -

huawei princeton-al10d_firmware -

huawei princeton-tl10c_firmware -

huawei sydney-al00_firmware -

huawei sydney-l21_firmware -

huawei sydney-l21br_firmware -

huawei sydney-l22_firmware -

huawei sydney-l22br_firmware -

huawei sydney-tl00_firmware -

huawei sydneym-al00_firmware -

huawei sydneym-l01_firmware -

huawei sydneym-l03_firmware -

huawei sydneym-l21_firmware -

huawei sydneym-l22_firmware -

huawei sydneym-l23_firmware -

huawei tony-al00b_firmware -

huawei tony-tl00b_firmware -

huawei yale-al00a_firmware -

huawei yale-al50a_firmware -

huawei yale-l21a_firmware -

huawei yale-l61c_firmware -

huawei yale-tl00b_firmware -

huawei yalep-al10b_firmware -

huawei imanager_neteco_firmware -

huawei imanager_neteco_6000_firmware -

huawei emily-l29c_firmware

huawei figo-l31_firmware

Vendor Advisories

Ubuntu Security Notice: linux-aws vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 regression
USN 4115-1 introduced a regression in the Linux kernel ...
Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 74 Advanced Update Support, Red Hat Enterprise Linux 74 Telco Extended Update Support, and Red Hat Enterprise Linux 74 Update Services ...
Red Hat: Important: kernel-alt security and bug fix update
Synopsis Important: kernel-alt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-alt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 72 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 73 Advanced Update Support, Red Hat Enterprise Linux 73 Telco Extended Update Support, and Red Hat Enterprise Linux 73 Update Services ...
Red Hat: Important: kpatch-patch security update
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common V ...
Red Hat: Important: kpatch-patch security update
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Red Hat: CVE-2019-9506
Impact: Important Public Date: 2019-08-13 CWE: CWE-327 Bugzilla: 1727857: CVE-2019-9506 : hardware: blu ...
Cisco: Key Negotiation of Bluetooth Vulnerability
A weakness in the Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) protocol core specification exposes a vulnerability that could allow for an unauthenticated, adjacent attacker to perform a man-in-the-middle attack on an encrypted Bluetooth connection The attack must be performed during negotiation or renegotiation of a paired device connection; ...
HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerability
Certain HP printers are vulnerable to the Key Negotiation of Bluetooth (KNOB) attack Data over Bluetooth can be intercepted, decrypted, and modified by an unauthorized local party ...
HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerability
Certain HP printers are vulnerable to the Key Negotiation of Bluetooth (KNOB) attack Data over Bluetooth can be intercepted, decrypted, and modified by an unauthorized local party ...
Huawei Security Advisories: Security Advisory - Key Negotiation of Bluetooth (KNOB) Vulnerability
The KNOB (Key Negotiation of Bluetooth) vulnerability exists in the encryption key negotiation process between two Bluetooth BR/EDR devices The negotiation process is not encrypted and no authentication is performed An unauthenticated, adjacent attacker can initiate a man-in-the-middle attack to reduce the negotiated entropy length used for secur ...

Mailing Lists

Full Disclosure: APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10146, Security Update 2019-004 Hig ...
Full Disclosure: APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 124 <!--X-Subject-Header-End--> <!--X-Head-o ...

Github Repositories

https://github.com/winterheart/broadcom-bt-firmware

Repository for various Broadcom Bluetooth firmware

Broadcom Bluetooth firmware for Linux kernel Overview This package intentended to provide firmware of Broadcom WIDCOMM® Bluetooth devices (including BCM20702, BCM20703, BCM43142 chipsets and other) for Linux kernel Since February 2017, Broadcom ships their drivers directly to Windows Update service They can be downloaded here Security considerations Recently several vul

https://github.com/u10427687/bluetooth-KNOB

README Repository about our Key Negotiation Of Bluetooth (KNOB) attack CVE-2019-9506 PoC to perform the KNOB attack using internalblue v01 Code to validate and brute force E0 encryption keys Wireshark files

https://github.com/StealthIQ/awesome-stars

A curated list of my GitHub stars by stargazed

Awesome Stars A curated list of my GitHub stars! Generated by stargazed 🏠 Contents Assembly (1) Blade (1) C (2) C++ (5) CSS (4) Go (2) HTML (2) Java (1) JavaScript (2) Jinja (1) Lua (1) Nix (1) Others (22) PowerShell (2) Python (33) Rust (10) Shell (10) TypeScript (1) Assembly Name Description Author Stars 1 MalwareSourceCode Collection of malware source code

https://github.com/francozappa/knob

Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and BLE [CVE-2019-9506]

README Repository about the Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and Bluetooth Low Energy Related Work From the Bluetooth Standard to Standard-Compliant 0-days [HWIO20] Key Negotiation Downgrade Attacks on Bluetooth and Bluetooth Low Energy [TOPS20] Bluetooth blues: KNOB attack explained [CyberWire19] The KNOB is Broken: Exploiting Low Entropy in th

https://github.com/AlexandrBing/broadcom-bt-firmware

Broadcom Bluetooth firmware for Linux kernel Overview This package intentended to provide firmware of Broadcom WIDCOMM® Bluetooth devices (including BCM20702, BCM20703, BCM43142 chipsets and other) for Linux kernel Since February 2017, Broadcom ships their drivers directly to Windows Update service They can be downloaded here Security considerations Recently several vul

Recent Articles

Microsoft Patch Tuesday – August 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 14 Aug 2024

This month the vendor has patched 93 vulnerabilities, 27 of which are rated Critical.

Posted: 14 Aug, 201926 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – August 2019This month the vendor has patched 93 vulnerabilities, 27 of which are rated Critical.This month Microsoft has patched 93 vulnerabilities, 27 of which are rated Critical. As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all sof...

Read more...
The Joy of Six... critical security patches: Cisco small biz switches open to hijacking via web UI
The Register • Shaun Nichols in San Francisco • 22 Aug 2019

Plus UCS and other gear need updates Breaker, breaker. Apple's iOS 12.4 update breaks jailbreak break, un-breaks the break. 10-4

Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers. Switchzilla's latest patch bundle includes six alerts for what it rates as critical issues, including flaws in its Small Business 220 Series switches and UCS Director software. Combined with Cisco's fixes for 'high' and 'moderate' issues, the networking giant posted a total of 33 security alerts on Wednesday. For the Small Business 220 Switches, a pair of patches address CVE-201...

Read more...

References

CWE-327https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/https://www.usenix.org/conference/usenixsecurity19/presentation/antoniolihttp://www.cs.ox.ac.uk/publications/publication12404-abstract.htmlhttps://www.kb.cert.org/vuls/id/918987/http://seclists.org/fulldisclosure/2019/Aug/13http://seclists.org/fulldisclosure/2019/Aug/14http://seclists.org/fulldisclosure/2019/Aug/11http://seclists.org/fulldisclosure/2019/Aug/15http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-enhttps://usn.ubuntu.com/4115-1/https://usn.ubuntu.com/4118-1/https://lists.debian.org/debian-lts-announce/2019/09/msg00014.htmlhttps://lists.debian.org/debian-lts-announce/2019/09/msg00015.htmlhttps://lists.debian.org/debian-lts-announce/2019/09/msg00025.htmlhttps://usn.ubuntu.com/4147-1/https://access.redhat.com/errata/RHSA-2019:2975http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.htmlhttps://access.redhat.com/errata/RHSA-2019:3055https://access.redhat.com/errata/RHSA-2019:3076https://access.redhat.com/errata/RHSA-2019:3089https://access.redhat.com/errata/RHSA-2019:3187https://access.redhat.com/errata/RHSA-2019:3217https://access.redhat.com/errata/RHSA-2019:3218https://access.redhat.com/errata/RHSA-2019:3165https://access.redhat.com/errata/RHSA-2019:3220https://access.redhat.com/errata/RHSA-2019:3231https://access.redhat.com/errata/RHSA-2019:3309https://access.redhat.com/errata/RHSA-2019:3517https://access.redhat.com/errata/RHSA-2020:0204https://nvd.nist.govhttps://usn.ubuntu.com/4118-1/https://www.kb.cert.org/vuls/id/918987
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook