PT-2022-5920 · Linux+1 · Linux Kernel+1

Published: 2022-12-11 · Updated: 2025-10-23

CVE-2022-25837

CVSS v3.1: 7.5 (High)

Vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Bluetooth Core Specification versions 1.0B through 5.3
Linux kernel (affected versions not specified)

Description

The issue concerns Bluetooth pairing and may allow an unauthenticated Man-In-The-Middle (MITM) attacker to acquire credentials when two devices are paired, one supporting BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing. The MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder, then brute-forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The identified PIN code value can be used to complete authentication with the Initiator via Bluetooth pairing method confusion. Additionally, there is a vulnerability in the Linux kernel's Bluetooth driver related to authentication procedure errors, which may allow a remote attacker to elevate their privileges.

Recommendations

For Bluetooth Core Specification versions 1.0B through 5.3, consider disabling BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model as a temporary workaround until a patch is available. For the Linux kernel, there is currently no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2022-07340
CVE-2022-25837

Affected Products

Bluetooth Core Specification
Linux Kernel