PT-2022-8926 · Bluetooth Special Interest · Bluetooth Core Specification

Published 2022-11-08 · Updated 2022-11-09 · CVE-2020-35473

CVSS v3.1: 4.3 Medium

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Bluetooth Core Specifications versions 4.0 through 5.2

Description

An information leakage issue in the Bluetooth Low Energy advertisement scan response and extended scan response may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This issue has also been referred to as an allowlist-based side channel.

Recommendations

For Bluetooth Core Specifications versions 4.0 through 5.2, consider disabling the Resolvable Private Addressing (RPA) feature until a patch is available to prevent potential identification of devices through their response to specific scan requests. Restrict access to the Bluetooth Low Energy advertisement scan response and extended scan response to minimize the risk of exploitation. Avoid using RPAs that have been associated with a specific remote device to prevent peer identification through active scan requests. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers

CVE-2020-35473

Affected Products

Bluetooth Core Specification