PT-2022-5922 · Unknown+1 · Bluetooth Core Specification+1
Published: 2022-12-11 · Updated: 2026-04-20 · CVE-2022-25836
CVSS v3.1: 7.5 (High)
Vector: AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Bluetooth Core Specification versions 4.0 through 5.3
Linux kernel (affected versions not specified)
Description
The issue is related to errors in the authentication procedure of the Bluetooth Low Energy driver in the Linux kernel. It may allow a remote attacker to elevate their privileges. The Bluetooth Low Energy Pairing in Bluetooth Core Specification versions 4.0 through 5.3 is vulnerable to an unauthenticated Man-In-The-Middle (MITM) attack. The MITM can acquire credentials by negotiating Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder, then brute forcing the Passkey entered by the user into the Initiator. The identified Passkey value can be used to complete authentication with the Responder via Bluetooth pairing method confusion.
Recommendations
For Bluetooth Core Specification versions 4.0 through 5.3, consider disabling Legacy Passkey Pairing to minimize the risk of exploitation.
For the Linux kernel, there is currently no information about a newer version that contains a fix for this vulnerability.
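One way to enforce the recommendation to disable Legacy Passkey Pairing, as an added example that is not from this advisory or the Linux kernel: a Secure Connections Only check over the SMP Pairing Request and Pairing Response that refuses any exchange that would fall back to Legacy pairing. The function names and sample PDUs are constructed for illustration; the opcode, AuthReq bit and reason-code values are those defined in the Bluetooth Core Specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SMP opcodes, AuthReq bit and Pairing Failed reason codes
 * (Bluetooth Core Specification, Vol 3, Part H). */
#define SMP_PAIRING_REQUEST        0x01
#define SMP_PAIRING_RESPONSE       0x02
#define SMP_AUTHREQ_SC             0x08
#define SMP_PAIRING_PDU_LEN        7     /* opcode + six one-byte fields */
#define SMP_OK                     0x00
#define SMP_ERR_AUTH_REQUIREMENTS  0x03
#define SMP_ERR_INVALID_PARAMS     0x0A

/* Constructed sample PDUs: opcode, IO capability, OOB flag, AuthReq,
 * max key size, initiator key distribution, responder key distribution. */
static const uint8_t req_sc[]     = {0x01, 0x04, 0x00, 0x0D, 0x10, 0x07, 0x07};
static const uint8_t rsp_sc[]     = {0x02, 0x04, 0x00, 0x0D, 0x10, 0x07, 0x07};
static const uint8_t rsp_legacy[] = {0x02, 0x04, 0x00, 0x05, 0x10, 0x07, 0x07};

/* Hypothetical helper: return the AuthReq byte, or -1 if the PDU is malformed. */
static int smp_auth_req(const uint8_t *pdu, size_t len, uint8_t opcode)
{
    if (pdu == NULL || len != SMP_PAIRING_PDU_LEN || pdu[0] != opcode)
        return -1;
    return pdu[3];
}

/* Hypothetical policy hook for Secure Connections Only mode. Returns SMP_OK,
 * or the reason code to send in a Pairing Failed PDU. */
uint8_t sc_only_check(const uint8_t *req, size_t req_len,
                      const uint8_t *rsp, size_t rsp_len)
{
    int a_req = smp_auth_req(req, req_len, SMP_PAIRING_REQUEST);
    int a_rsp = smp_auth_req(rsp, rsp_len, SMP_PAIRING_RESPONSE);

    if (a_req < 0 || a_rsp < 0)
        return SMP_ERR_INVALID_PARAMS;
    /* Secure Connections is used only when both sides set the SC bit;
     * otherwise the exchange falls back to LE Legacy Pairing. */
    if (!(a_req & SMP_AUTHREQ_SC) || !(a_rsp & SMP_AUTHREQ_SC))
        return SMP_ERR_AUTH_REQUIREMENTS;
    return SMP_OK;
}

int main(void)
{
    printf("SC/SC:     0x%02x\n", (unsigned)sc_only_check(req_sc, sizeof req_sc, rsp_sc, sizeof rsp_sc));
    printf("SC/legacy: 0x%02x\n", (unsigned)sc_only_check(req_sc, sizeof req_sc, rsp_legacy, sizeof rsp_legacy));
    return 0;
}
```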
Affected Products
Bluetooth Core Specification
Linux Kernel