CVE-2020-26558

Name of the Vulnerable Software and Affected Versions: Bluetooth Core Specification versions 2.1 through 5.2 Linux kernel (affected versions not specified)

Description: The issue is related to weaknesses in the authentication procedure of the Bluetooth Core Specification, which can be exploited by a nearby man-in-the-middle attacker to identify the Passkey used during pairing. This could allow the attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. The vulnerability may permit a remote attacker to gain access to confidential data and compromise their integrity.

Recommendations: For Bluetooth Core Specification versions 2.1 through 5.2, consider rejecting matching public keys to stay safe. For Linux kernel, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling Bluetooth pairing until a patch is available. Restrict access to Bluetooth devices to minimize the risk of exploitation.