On Thu, Oct 15, 2020 at 09:43:33AM +0200, Hans-Christian Noren Egtvedt wrote: > From: Luiz Augusto von Dentz <luiz.von.de...@intel.com> > > E0 is not allowed with Level 4: > > BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C page 1319: > > '128-bit equivalent strength for link and encryption keys > required using FIPS approved algorithms (E0 not allowed, > SAFER+ not allowed, and P-192 not allowed; encryption key > not shortened' > > SC enabled: > > > HCI Event: Read Remote Extended Features (0x23) plen 13 > Status: Success (0x00) > Handle: 256 > Page: 1/2 > Features: 0x0b 0x00 0x00 0x00 0x00 0x00 0x00 0x00 > Secure Simple Pairing (Host Support) > LE Supported (Host) > Secure Connections (Host Support) > > HCI Event: Encryption Change (0x08) plen 4 > Status: Success (0x00) > Handle: 256 > Encryption: Enabled with AES-CCM (0x02) > > SC disabled: > > > HCI Event: Read Remote Extended Features (0x23) plen 13 > Status: Success (0x00) > Handle: 256 > Page: 1/2 > Features: 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00 > Secure Simple Pairing (Host Support) > LE Supported (Host) > > HCI Event: Encryption Change (0x08) plen 4 > Status: Success (0x00) > Handle: 256 > Encryption: Enabled with E0 (0x01) > [May 8 20:23] Bluetooth: hci0: Invalid security: expect AES but E0 was used > < HCI Command: Disconnect (0x01|0x0006) plen 3 > Handle: 256 > Reason: Authentication Failure (0x05) > > Signed-off-by: Luiz Augusto von Dentz <luiz.von.de...@intel.com> > Signed-off-by: Marcel Holtmann <mar...@holtmann.org> > (cherry picked from commit 8746f135bb01872ff412d408ea1aa9ebd328c1f5) > (cherry picked from commit f263237a1709a6dbf1dc9945187f1e64c53a4b73)
I do not see this commit in Linus's tree. > --- > AFAICT, fixing CVE 2020-10135 Bluetooth impersonation attacks have been > left out for the 4.4 stable kernel. I cherry picked what I assume are > the appropriate two patches missing from the 4.9 stable kernel. Please > add them to upcoming 4.4 stable releases. Same thing as before, we need this in all kernels. thanks, greg k-h
