A flaw was found in the Linux kernel’s authentication protocol in the Bluetooth® Mesh Profile Specification. A vulnerability occurs if the AuthValue is identified during the provisioning procedure, even if the AuthValue is selected randomly. This flaw allows an malicious user to identify the AuthValue used before the provisioning procedure times out, possibly completing the provisioning operation and obtaining a NetKey. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bluetooth mesh profile 1.0.0 |
||
bluetooth mesh profile 1.0.1 |
||
bluetooth bluetooth core specification |