AVG-2345 log

Package linux
Status Vulnerable
Severity Medium
Type multiple issues
Affected 5.15.8.arch1-1
Fixed Unknown
Current 6.11.7.arch1-1 [core]
Ticket Create
Created Thu Sep 9 09:42:53 2021
Issue Severity Remote Type Description
CVE-2021-31615 Low Yes Denial of service
Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet...
CVE-2020-26560 Medium Yes Authentication bypass
Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a...
CVE-2020-26559 Medium Yes Private key recovery
Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify...
CVE-2020-26557 Medium Yes Private key recovery
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning...
CVE-2020-26556 Medium Yes Private key recovery
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an...
CVE-2020-26555 Medium Yes Authentication bypass
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR...
Notes
These are vulnerabilities at the Bluetooth protocol level, it is unclear whether any mitigations in the kernel are possible or necessary.