Details of VAR-201908-1958

ID

VAR-201908-1958

CVE

CVE-2019-9506

TITLE

Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks

Trust: 0.8

sources: CERT/CC: VU#918987

DESCRIPTION

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. Bluetooth BR/EDR The entropy negotiation of the encryption key used for encryption on the connection has a problem that is vulnerable to man-in-the-middle attacks by design. A third party Bluetooth BR/EDR The entropy of the encryption key used for communication 1 Force byte (Key Negotiation Of Bluetooth (KNOB) attack) Brute force attacks on subsequent communications (Brute force attack) May be able to decrypt and intercept the contents. Bluetooth Is Bluetooth Basic Rate / Enhanced Data Rate (Bluetooth BR/EDR) Includes core configuration 6 A short-range wireless technology based on different core specifications and used for low-power short-range communications. Bluetooth To establish encrypted communication for 2 Horn Bluetooth You need to establish a link key that the device will pair and use to generate the encryption key used for encryption at the link layer. The entropy of the encryption key is 1 From bytes 16 In bytes length Bluetooth Set between controllers. When an attacker interrupts the encryption key entropy setting request between controllers and each controller accepts a low entropy setting, encrypted communication with low entropy is forced, resulting in a brute force attack (Brute force attack) Because of this, communication between devices may be easily decrypted.Man-in-the-middle attacks (man-in-the-middle attack) There is a possibility of eavesdropping on encrypted communication by. An encryption issue vulnerability exists in Bluetooth BR/EDR 5.1 and earlier versions. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text. The attack must be performed during negotiation or renegotiation of a paired device connection; existing sessions cannot be attacked. This advisory will be updated as additional information becomes available. There are no workarounds that address this vulnerability. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190813-bluetooth. 8.0) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * Backport TCP follow-up for small buffers (BZ#1739184) * TCP performance regression after CVE-2019-11478 bug fix (BZ#1743170) * RHEL8.0 - bnx2x link down, caused by transmit timeouts during load test (Marvell/Cavium/QLogic) (L3:) (BZ#1743548) * block: blk-mq improvement (BZ#1780567) * RHEL8.0 - Regression to RHEL7.6 by changing force_latency found during RHEL8.0 validation for SAP HANA on POWER (BZ#1781111) * blk-mq: overwirte performance drops on real MQ device (BZ#1782183) * RHEL8: creating vport takes lot of memory i.e 2GB per vport which leads to drain out system memory quickly. (BZ#1782705) 4. 8) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126) * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) * kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854) * kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) * kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874) * kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882) * kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207) * kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) * kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833) * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) * kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) * kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985) * Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222) * Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1656986 - CVE-2018-19854 kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c 1660375 - CVE-2018-16884 kernel: nfs: use-after-free in svc_process_common() 1660385 - CVE-2018-20169 kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS 1663176 - CVE-2019-3459 kernel: Heap address information leak while using L2CAP_GET_CONF_OPT 1663179 - CVE-2019-3460 kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP 1664110 - CVE-2019-5489 Kernel: page cache side channel attacks 1666106 - CVE-2018-19985 kernel: oob memory read in hso_probe in drivers/net/usb/hso.c 1671930 - CVE-2019-7222 Kernel: KVM: leak of uninitialized stack contents to guest 1678887 - RT: update RT source tree to the RHEL-8.1 tree 1686373 - CVE-2019-3874 kernel: SCTP socket buffer memory leak leading to denial of service 1689426 - CVE-2019-3882 kernel: denial of service vector through vfio DMA mappings 1698757 - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS 1700666 - Make kernel-rt require rt-setup 1705937 - CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping 1709837 - CVE-2019-11884 kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command 1712072 - CVE-2019-11833 kernel: fs/ext4/extents.c leads to information disclosure 1716992 - CVE-2019-10126 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c 1724657 - BUG: scheduling while atomic in zswap 1727756 - CVE-2019-13233 kernel: use-after-free in arch/x86/lib/insn-eval.c 1727857 - CVE-2019-9506 hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) 1728765 - BUG: scheduling while atomic: rcuc/13/134/0x00000002 1729931 - CVE-2019-10638 Kernel: net: weak IP ID generation leads to remote device tracking 1733472 - BUG: scheduling while atomic: rcuc/1/24/0x00000002 1733874 - CVE-2019-10207 kernel: null-pointer dereference in hci_uart_set_flow_control 1743931 - BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 1745646 - [RT] sched/fair: Robustify CFS-bandwidth timer locking 1746708 - CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer 1750813 - CVE-2019-15916 kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service 6. Bug Fix(es): * port show-kabi to python3 (BZ#1806924) 4. 7.6) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bug Fix(es): * kernel build: parallelize redhat/mod-sign.sh (BZ#1755326) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra address the following: AppleGraphicsControl Available for: macOS Mojave 10.14.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8693: Arash Tohidi of Solita autofs Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper Description: This was addressed with additional checks by Gatekeeper on files mounted through a network share. CVE-2019-8656: Filippo Cavallarin Bluetooth Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-19860 Bluetooth Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB) Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of University of Oxford, England Entry added August 13, 2019 Carbon Core Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8661: Natalie Silvanovich of Google Project Zero Core Data Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Core Data Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project Zero Disk Management Available for: macOS Mojave 10.14.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8697: ccpwd working with Trend Micro's Zero Day Initiative FaceTime Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu Found in Apps Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to leak memory Description: This issue was addressed with improved checks. CVE-2019-8663: Natalie Silvanovich of Google Project Zero Foundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero Grapher Available for: macOS Mojave 10.14.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8695: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Graphics Drivers Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8691: Aleksandr Tarasikov (@astarasikov), Arash Tohidi of Solita, Lilang Wu and Moony Li of Trend Micro's Mobile Security Research Team working with Trend Micro's Zero Day Initiative CVE-2019-8692: Lilang Wu and Moony Li of Trend Micro Mobile Security Research Team working with Trend Micro's Zero Day Initiative Heimdal Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst IOAcceleratorFamily Available for: macOS Mojave 10.14.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8694: Arash Tohidi of Solita libxslt Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: A remote attacker may be able to view sensitive information Description: A stack overflow was addressed with improved input validation. CVE-2019-13118: found by OSS-Fuzz Quick Look Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary Description: This issue was addressed with improved checks. CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project Zero Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8697: ccpwd working with Trend Micro's Zero Day Initiative Siri Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Time Machine Available for: macOS Mojave 10.14.5 Impact: The encryption status of a Time Machine backup may be incorrect Description: An inconsistent user interface issue was addressed with improved state management. CVE-2019-8667: Roland Kletzing of cyber:con GmbH UIFoundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Additional recognition Classroom We would like to acknowledge Jeff Johnson of underpassapp.com for their assistance. Game Center We would like to acknowledge Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc. for their assistance. Installation note: macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl1S688pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3Hiog/+ PcWPEhxDpnU1ctoVPhyoqkV1tUs8z3hdNyX/tPtQZIQVFB7No1Md0GX8Zrv2libb LwrbU25ewe82XE9Es6ngxTdkRaREn8+hm9gxYPCMDXyKRlv904Q1b4zthYUt7/NO 7RG6ZRHEINOQORzrDsmgT/X6TukIy73HNob+4xZJTdJe9ZU3/zDCaqUgyUJSodou vsVFR3oqkwbVby4eT9+YbxJWMvVoFfB1+Qqo1w9kN7WXcYK3gb7sGtnNQlrE70kR pLRogcmwTQsi+sTm8bxQsuXXjdtTHeeCf0FRJg8NY5wZmdV9lNOghtmNxfTwIuir VeWusIgZWaK7IbgHW3PRYv3Sbrk40zcOraDsPv2rdgjOj4ReVyKHw5/f5Fyhcn+v WnIC4iNIBurz0HZU91QqD58Sqp+HtWl8xkM3ZW+Kd9LjnLty3fNw6Au5Aw8DTHzN 5F+lz7JRVV3+j7AYELog3WV6mdzMKW85gJRJtwXJ8hHSYZnvat06faFlPcDiKjBW rW7BehRykZpmZtaSZjL25IeOuXJHHdRfvabuTZ3nk47SSn7EJJ3xFBnvw6TgVFX+ TvmcUg5FinTSR81NkIY0ux6x1kuV/4vIUGZ4O0Houf/FoUhMQvig9ZkSw2B+Ynbd Xl3qBT4SVPWQyFAvjHwjCZA+GpNsnEKgZm8SlYVgqog= =tCwo -----END PGP SIGNATURE----- . Bug Fix(es): * kernel-rt: update to the RHEL7.7.z batch#2 source tree (BZ#1748570) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2019:3187-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3187 Issue date: 2019-10-23 CVE Names: CVE-2019-9506 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Fix possible Spectre-v1 bugs in wireless code (BZ#1706696) * powerpc/pseries: Disable CPU hotplug across migrations / powerpc/rtas: Fix a potential race between CPU-Offline & Migration (LPM) (BZ#1745436) * powerpc/pseries: Fix unitialized timer reset on migration / powerpc/pseries/mobility: Extend start/stop topology update scope (LPM) (BZ#1745438) * ISST-LTE:PVM:Zeppelin :LPM: Failure logs and stack trace seen during LPM (POWER9/P9) (BZ#1745446) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: kernel-3.10.0-693.60.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.60.1.el7.noarch.rpm kernel-doc-3.10.0-693.60.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.60.1.el7.x86_64.rpm kernel-devel-3.10.0-693.60.1.el7.x86_64.rpm kernel-headers-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.60.1.el7.x86_64.rpm perf-3.10.0-693.60.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm python-perf-3.10.0-693.60.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: kernel-3.10.0-693.60.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.60.1.el7.noarch.rpm kernel-doc-3.10.0-693.60.1.el7.noarch.rpm ppc64le: kernel-3.10.0-693.60.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.60.1.el7.ppc64le.rpm kernel-debug-3.10.0-693.60.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.60.1.el7.ppc64le.rpm kernel-devel-3.10.0-693.60.1.el7.ppc64le.rpm kernel-headers-3.10.0-693.60.1.el7.ppc64le.rpm kernel-tools-3.10.0-693.60.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.60.1.el7.ppc64le.rpm perf-3.10.0-693.60.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm python-perf-3.10.0-693.60.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.60.1.el7.x86_64.rpm kernel-devel-3.10.0-693.60.1.el7.x86_64.rpm kernel-headers-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.60.1.el7.x86_64.rpm perf-3.10.0-693.60.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm python-perf-3.10.0-693.60.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: kernel-3.10.0-693.60.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.60.1.el7.noarch.rpm kernel-doc-3.10.0-693.60.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.60.1.el7.x86_64.rpm kernel-devel-3.10.0-693.60.1.el7.x86_64.rpm kernel-headers-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.60.1.el7.x86_64.rpm perf-3.10.0-693.60.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm python-perf-3.10.0-693.60.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.60.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: kernel-debug-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.60.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.60.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.60.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.60.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.60.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-9506 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXbAXitzjgjWX9erEAQh25A/9FrjeF3eVkgGwc/RvTRPF/Qqb44x+l61E KceVqzr3avw9TDoiCA8e35ZYwNBvpN6YW/VDiI0vSyj2nQp57xFK48ybhUvXGUKL A2dXn793a3ZBKIp4wVVQKyjBsAI31MT/AZDKrzlugszWlV25u/mc2tC4Yndbe+8e Lbwf2VvKdvtlH26Cadv1UN9YsnmtQuNdGp9NrRbttTCW9rMmHtkoQ/yT4rcS/7Fl 1tu2j2Yoi0GEG9wXWda7cbpd2jLCcpjwIYnrjRNOuMNVSugRKRcAY1rMwpL5dVpA rx2bi3X3HhCpGTgZSJbl9fz2f1J71o9WoUSybaT36Uc50iOs7anoHc82XPGFvkak xg+mkIVNkwGxW9pkum8tZANjhDwyGJl0bpS98zkzpNiBqdrGdN4V9qMmhqmEa/lT lQ7haJR1rqboIzS5uSpTL/a79blwDjnMNsZ3D+c6xFfjsq8yu1zGfDWBbMdoc1Zo 3CNT4+pdBr5ASdlE7R3G+8Zx77WSK2MLxRnzzHBF6KphF4LOOUJmefpZ0KQRGkN8 zOKjvsynVKSzqt++WJrij+U74KL65PZokF8kKSc0yDhgYRaeqK6QIwe+Dbn/YUsn RNBi1ZoILHB9nMxbT5OlEVf/0EJl7oD1zINT0n7S8b86gRnfHdMLlvZ1Kcfjs0Sy Vdo262+aA6k= =FkCN -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 3.33

sources: NVD: CVE-2019-9506 // CERT/CC: VU#918987 // JVNDB: JVNDB-2019-007618 // VULHUB: VHN-160941 // VULMON: CVE-2019-9506 // PACKETSTORM: 156058 // PACKETSTORM: 155121 // PACKETSTORM: 157216 // PACKETSTORM: 155017 // PACKETSTORM: 155004 // PACKETSTORM: 154054 // PACKETSTORM: 154879 // PACKETSTORM: 154936 // PACKETSTORM: 154949

AFFECTED PRODUCTS

vendor:	huawei	model:	cornell-tl10b	scope:	lt	version:	9.1.0.333\(c01e333r1p1t8\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	lelandp-l22d	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	leland-tl10b	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	columbia-tl00d	scope:	lt	version:	8.1.0.186\(c01gt\)	Trust: 1.0
vendor:	huawei	model:	y6 2019	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.04	Trust: 1.0
vendor:	apple	model:	tvos	scope:	eq	version:	12.4	Trust: 1.0
vendor:	huawei	model:	cairogo-l22	scope:	lt	version:	cairogo-l22c461b153	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	huawei	model:	princeton-tl10c	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	ever-l29b	scope:	lt	version:	9.1.0.338\(c185e3r3p1\)	Trust: 1.0
vendor:	huawei	model:	princeton-al10d	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	cornell-l29a	scope:	lt	version:	9.1.0.341\(c185e1r1p9t8\)	Trust: 1.0
vendor:	huawei	model:	emily-l29c	scope:	lt	version:	9.1.0.325\(c185e2r1p12t8\)	Trust: 1.0
vendor:	huawei	model:	leland-l32c	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	yale-tl00b	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	berkeley-l09	scope:	lt	version:	9.1.0.350\(c10e3r1p14t8\)	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.6	Trust: 1.0
vendor:	huawei	model:	bla-l29c	scope:	lt	version:	9.1.0.307\(c635e4r1p13t8\)	Trust: 1.0
vendor:	redhat	model:	virtualization host eus	scope:	eq	version:	4.2	Trust: 1.0
vendor:	huawei	model:	nova 3	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	huawei	model:	laya-al00ep	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	bla-l29c	scope:	lt	version:	9.1.0.306\(c432e4r1p11t8\)	Trust: 1.0
vendor:	huawei	model:	figo-l31	scope:	lt	version:	9.1.0.158\(c432e8r1p5t8\)	Trust: 1.0
vendor:	huawei	model:	charlotte-l29c	scope:	lt	version:	9.1.0.328\(c782e10r1p9t8\)	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	huawei	model:	berkeley-l09	scope:	lt	version:	9.1.0.332\(c432e5r1p13t8\)	Trust: 1.0
vendor:	huawei	model:	lelandp-l22c	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	ares-al10d	scope:	lt	version:	9.1.0.160\(c00e160r2p5t8\)	Trust: 1.0
vendor:	huawei	model:	y6 prime 2018	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	sydney-l21	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	huawei	model:	cornell-al00ind	scope:	lt	version:	8.2.0.141\(c675custc675d1gt\)	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.0	Trust: 1.0
vendor:	huawei	model:	paris-al00ic	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	atomu-l42	scope:	lt	version:	8.0.0.155\(c636custc636d1\)	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	huawei	model:	honor 20 pro	scope:	lt	version:	9.1.0.155\(c10e2r3p1\)	Trust: 1.0
vendor:	huawei	model:	madrid-tl00a	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux aus	scope:	eq	version:	7.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time for nfv	scope:	eq	version:	8	Trust: 1.0
vendor:	huawei	model:	florida-l21	scope:	lt	version:	9.1.0.150\(c185e6r1p5t8\)	Trust: 1.0
vendor:	huawei	model:	columbia-l29d	scope:	lt	version:	9.1.0.350\(c636e3r1p13t8\)	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	8.4	Trust: 1.0
vendor:	huawei	model:	figo-l31	scope:	lt	version:	9.1.0.137\(c33e8r1p5t8\)	Trust: 1.0
vendor:	huawei	model:	honor 20 pro	scope:	lt	version:	9.1.0.171\(c10e2r3p1\)	Trust: 1.0
vendor:	huawei	model:	leland-tl10c	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	madrid-al00a	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	cornell-al10ind	scope:	lt	version:	9.1.0.363\(c675e2r1p9t8\)	Trust: 1.0
vendor:	huawei	model:	nova 5i pro	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	jakarta-al00a	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	yale-l21a	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	cornell-al00a	scope:	lt	version:	9.1.0.333\(c00e333r1p1t8\)	Trust: 1.0
vendor:	huawei	model:	columbia-l29d	scope:	lt	version:	9.1.0.351\(c432e5r1p13t8\)	Trust: 1.0
vendor:	huawei	model:	nova lite 3	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	honor 20 pro	scope:	lt	version:	9.1.0.172\(c432e2r5p1\)	Trust: 1.0
vendor:	redhat	model:	enterprise linux tus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	huawei	model:	cornell-l29a	scope:	lt	version:	9.1.0.336\(c636e2r1p12t8\)	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time	scope:	eq	version:	7	Trust: 1.0
vendor:	huawei	model:	sydney-l22	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	dura-tl00a	scope:	lt	version:	1.0.0.176\(c01\)	Trust: 1.0
vendor:	huawei	model:	p20	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	y9 2019	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	potter-al00c	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	florida-tl10b	scope:	lt	version:	9.1.0.128\(c01e112r1p6t8\)	Trust: 1.0
vendor:	huawei	model:	sydneym-l22	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	huawei	model:	lelandp-al10b	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	berkeley-tl10	scope:	lt	version:	9.1.0.333\(c01e333r1p1t8\)	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	8.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	huawei	model:	p30 pro	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	cornell-l29a	scope:	lt	version:	9.1.0.342\(c461e1r1p9t8\)	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	huawei	model:	figo-l23	scope:	lt	version:	9.1.0.160\(c605e6r1p5t8\)	Trust: 1.0
vendor:	huawei	model:	imanager neteco 6000	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	berkeley-l09	scope:	lt	version:	9.1.0.350\(c636e4r1p13t8\)	Trust: 1.0
vendor:	huawei	model:	emily-l29c	scope:	lt	version:	9.1.0.328\(c432e7r1p11t8\)	Trust: 1.0
vendor:	huawei	model:	honor 20 pro	scope:	lt	version:	9.1.0.154\(c432e2r5p1\)	Trust: 1.0
vendor:	huawei	model:	tony-tl00b	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	harry-al00c	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	florida-l22	scope:	lt	version:	9.1.0.150\(c636e6r1p5t8\)	Trust: 1.0
vendor:	huawei	model:	honor 20	scope:	lt	version:	9.1.0.149\(c675e8r2p1\)	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	8.2	Trust: 1.0
vendor:	huawei	model:	honor 20 pro	scope:	lt	version:	9.1.0.170\(c185e2r5p1\)	Trust: 1.0
vendor:	huawei	model:	nova 5	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	leland-l42c	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	honor 8a	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	lelandp-al10d	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	figo-tl10b	scope:	lt	version:	9.1.0.130\(c01e115r2p8t8\)	Trust: 1.0
vendor:	huawei	model:	tony-al00b	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	bla-l29c	scope:	lt	version:	9.1.0.306\(c185e2r1p13t8\)	Trust: 1.0
vendor:	huawei	model:	london-al40ind	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	harry-al10b	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	johnson-tl00d	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	alp-al00b	scope:	lt	version:	9.1.0.333\(c00e333r2p1t8\)	Trust: 1.0
vendor:	huawei	model:	emily-l29c	scope:	lt	version:	9.1.0.326\(c635e2r1p11t8\)	Trust: 1.0
vendor:	huawei	model:	p smart	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	8.1	Trust: 1.0
vendor:	huawei	model:	asoka-al00ax	scope:	lt	version:	9.1.1.181\(c00e48r6p1\)	Trust: 1.0
vendor:	huawei	model:	columbia-al10i	scope:	lt	version:	9.1.0.335\(c675e8r1p9t8\)	Trust: 1.0
vendor:	huawei	model:	sydneym-l23	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	ares-tl00c	scope:	lt	version:	9.1.0.165\(c01e165r2p5t8\)	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time for nfv eus	scope:	eq	version:	8.2	Trust: 1.0
vendor:	huawei	model:	cornell-l29a	scope:	lt	version:	9.1.0.347\(c432e1r1p9t8\)	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time eus	scope:	eq	version:	8.2	Trust: 1.0
vendor:	huawei	model:	katyusha-al00a	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	paris-l29b	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	sydneym-l01	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	florida-al20b	scope:	lt	version:	9.1.0.128\(c00e112r1p6t8\)	Trust: 1.0
vendor:	huawei	model:	columbia-l29d	scope:	lt	version:	9.1.0.350\(c185e3r1p12t8\)	Trust: 1.0
vendor:	huawei	model:	potter-al10a	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	huawei	model:	yale-l61c	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	12.4	Trust: 1.0
vendor:	huawei	model:	sydney-l22br	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	sydneym-al00	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	charlotte-l29c	scope:	lt	version:	9.1.0.328\(c432e5r1p9t8\)	Trust: 1.0
vendor:	huawei	model:	honor 20 pro	scope:	lt	version:	9.1.0.170\(c636e2r3p1\)	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	8.4	Trust: 1.0
vendor:	huawei	model:	dubai-al00a	scope:	lt	version:	8.2.0.190\(c00r2p2\)	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	charlotte-l29c	scope:	lt	version:	9.1.0.311\(c605e2r1p11t8\)	Trust: 1.0
vendor:	huawei	model:	honor 20	scope:	lt	version:	9.1.0.143\(c675e8r2p1\)	Trust: 1.0
vendor:	huawei	model:	hima-l29c	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	atomu-l33	scope:	lt	version:	8.0.0.147\(c605custc605d1\)	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time for nfv	scope:	eq	version:	7	Trust: 1.0
vendor:	huawei	model:	bla-tl00b	scope:	lt	version:	9.1.0.329\(c01e320r1p1t8\)	Trust: 1.0
vendor:	huawei	model:	emily-l29c	scope:	lt	version:	9.1.0.325\(c636e7r1p13t8\)	Trust: 1.0
vendor:	huawei	model:	dura-al00a	scope:	lt	version:	1.0.0.182\(c00\)	Trust: 1.0
vendor:	huawei	model:	charlotte-l29c	scope:	lt	version:	9.1.0.325\(c636e2r1p12t8\)	Trust: 1.0
vendor:	huawei	model:	emily-l29c	scope:	eq	version:	8.1.0.156\(c605\)	Trust: 1.0
vendor:	huawei	model:	p smart 2019	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.5	Trust: 1.0
vendor:	huawei	model:	harry-tl00c	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time	scope:	eq	version:	8	Trust: 1.0
vendor:	huawei	model:	y6 pro 2019	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	honor view 10	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	berkeley-al20	scope:	lt	version:	9.1.0.333\(c00e333r2p1t8\)	Trust: 1.0
vendor:	huawei	model:	johnson-tl00f	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	figo-l31	scope:	lt	version:	9.1.0.122\(c09e7r1p5t8\)	Trust: 1.0
vendor:	huawei	model:	columbia-l29d	scope:	lt	version:	9.1.0.350\(c10e5r1p14t8\)	Trust: 1.0
vendor:	huawei	model:	yalep-al10b	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	florida-l23	scope:	lt	version:	9.1.0.154\(c605e7r1p2t8\)	Trust: 1.0
vendor:	huawei	model:	yale-al50a	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	emily-l29c	scope:	lt	version:	9.1.0.311\(c461e2r1p11t8\)	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time for nfv eus	scope:	eq	version:	8.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time eus	scope:	eq	version:	8.4	Trust: 1.0
vendor:	huawei	model:	honor 8x	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	figo-l31	scope:	eq	version:	8.0.0.122d\(c652\)	Trust: 1.0
vendor:	huawei	model:	mate 20 x	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	cornell-al00i	scope:	lt	version:	9.1.0.363\(c675e3r1p9t8\)	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	huawei	model:	nova 4	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	leland-l42a	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	sydney-al00	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	figo-l31	scope:	lt	version:	9.1.0.165\(c10e8r1p5t8\)	Trust: 1.0
vendor:	huawei	model:	honor 20 pro	scope:	lt	version:	9.1.0.154\(c636e2r3p1\)	Trust: 1.0
vendor:	huawei	model:	columbia-l29d	scope:	lt	version:	9.1.0.350\(c461e3r1p11t8\)	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	8.2	Trust: 1.0
vendor:	huawei	model:	leland-l32a	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	neo-al00d	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	sydneym-l03	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	honor 20 pro	scope:	lt	version:	9.1.0.154\(c185e2r5p1\)	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 1.0
vendor:	huawei	model:	bla-l29c	scope:	lt	version:	9.1.0.300\(c605e2r1p12t8\)	Trust: 1.0
vendor:	huawei	model:	lelandp-l22a	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	charlotte-l29c	scope:	lt	version:	9.1.0.325\(c185e4r1p11t8\)	Trust: 1.0
vendor:	huawei	model:	leland-l31a	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	atomu-l41	scope:	lt	version:	8.0.0.153\(c461custc461d1\)	Trust: 1.0
vendor:	huawei	model:	imanager neteco	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	paris-l21b	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	huawei	model:	mate 20 pro	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	mrg realtime	scope:	eq	version:	2.0	Trust: 1.0
vendor:	huawei	model:	y5 2018	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	yale-al00a	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	sydney-tl00	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	bla-l29c	scope:	lt	version:	9.1.0.306\(c636e2r1p13t8\)	Trust: 1.0
vendor:	huawei	model:	lelandp-al00c	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	sydney-l21br	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	columbia-al10b	scope:	lt	version:	9.1.0.333\(c00e333r1p1t8\)	Trust: 1.0
vendor:	huawei	model:	p20 pro	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	honor view 20	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	8.4	Trust: 1.0
vendor:	huawei	model:	barca-al00	scope:	lt	version:	8.0.0.366\(c00\)	Trust: 1.0
vendor:	huawei	model:	leland-l21a	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	paris-l21meb	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	princeton-al10b	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	florida-l21	scope:	lt	version:	9.1.0.150\(c432e6r1p5t8\)	Trust: 1.0
vendor:	huawei	model:	ares-al00b	scope:	lt	version:	9.1.0.160\(c00e160r2p5t8\)	Trust: 1.0
vendor:	huawei	model:	mate 20	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	watchos	scope:	eq	version:	5.3	Trust: 1.0
vendor:	huawei	model:	honor 10 lite	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	y5 lite	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	bla-al00b	scope:	lt	version:	9.1.0.329\(c786e320r2p1t8\)	Trust: 1.0
vendor:	huawei	model:	figo-l31	scope:	lt	version:	9.1.0.137\(c530e8r1p5t8\)	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	huawei	model:	y7 2019	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	sydneym-l21	scope:	eq	version:	-	Trust: 1.0
vendor:	blackberry	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	bluetooth sig	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	bluetooth sig	model:	br/edr core	scope:	lte	version:	v5.1	Trust: 0.8

sources: CERT/CC: VU#918987 // JVNDB: JVNDB-2019-007618 // NVD: CVE-2019-9506

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9506
value:	HIGH
Trust: 1.0
cret@cert.org:	CVE-2019-9506
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-9506
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201908-864
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160941
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-9506
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-9506
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	CVE-2019-9506
severity:	HIGH
baseScore:	7.8
vectorString:	NONE
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-160941
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-9506
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
cret@cert.org:	CVE-2019-9506
baseSeverity:	HIGH
baseScore:	7.6
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	4.7
version:	3.0
Trust: 1.0

sources: CERT/CC: VU#918987 // VULHUB: VHN-160941 // VULMON: CVE-2019-9506 // CNNVD: CNNVD-201908-864 // NVD: CVE-2019-9506 // NVD: CVE-2019-9506

PROBLEMTYPE DATA

problemtype:	CWE-310	Trust: 1.1
problemtype:	CWE-327	Trust: 1.1

sources: VULHUB: VHN-160941 // NVD: CVE-2019-9506

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201908-864

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-864

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007618

PATCH

title:	Key Negotiation of Bluetooth	url:	https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/	Trust: 0.8
title:	The building blocks of all Bluetooth devices	url:	https://www.bluetooth.com/specifications/	Trust: 0.8
title:	Keep up to date with Errata	url:	https://www.bluetooth.com/specifications/errata/	Trust: 0.8
title:	Bluetooth Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96553	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2019/08/22/cisco_patch_bundle/	Trust: 0.2
title:	Red Hat: Important: kernel security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193187 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kpatch-patch security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193231 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192975 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel-rt security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193165 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193218 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201460 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193220 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel-rt security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193089 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193055 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel-alt security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193217 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kpatch-patch security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193076 - Security Advisory	Trust: 0.1
title:	Red Hat: CVE-2019-9506	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-9506	Trust: 0.1
title:	Cisco: Key Negotiation of Bluetooth Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190813-bluetooth	Trust: 0.1
title:	HP: HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBPI03634	Trust: 0.1
title:	Red Hat: Important: kernel security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200204 - Security Advisory	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=814c3d5b0bc03fc1c34e62dbc5cf6bf7	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=20bba81176880ee641f9d46354adc125	Trust: 0.1
title:	Red Hat: Important: kernel security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193517 - Security Advisory	Trust: 0.1
title:	Huawei Security Advisories: Security Advisory - Key Negotiation of Bluetooth (KNOB) Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=4da976eef66883f5331725800e5cf063	Trust: 0.1
title:	Red Hat: Important: kernel-rt security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193309 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4147-1	Trust: 0.1
title:	Fortinet Security Advisories: CVE-2019-9506 Encryption Key Negotiation of Bluetooth Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-19-224	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 regression	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4115-2	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4115-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-aws vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4118-1	Trust: 0.1
title:	knob	url:	https://github.com/francozappa/knob	Trust: 0.1
title:	bluetooth-KNOB	url:	https://github.com/u10427687/bluetooth-KNOB	Trust: 0.1
title:	-	url:	https://github.com/makaubenson/Fix-BT-Ubuntu	Trust: 0.1
title:	broadcom-bt-firmware	url:	https://github.com/winterheart/broadcom-bt-firmware	Trust: 0.1
title:	broadcom-bt-firmware	url:	https://github.com/AlexandrBing/broadcom-bt-firmware	Trust: 0.1
title:	Protocol-Vul	url:	https://github.com/WinMin/Protocol-Vul	Trust: 0.1
title:	awesome-bluetooth-security	url:	https://github.com/engn33r/awesome-bluetooth-security	Trust: 0.1
title:	-	url:	https://github.com/JeffroMF/awesome-bluetooth-security321	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/developer3000S/PoC-in-GitHub	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xT11/CVE-POC	Trust: 0.1
title:	-	url:	https://github.com/vincent-deng/veracode-container-security-finding-parser	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/hectorgie/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1
title:	Symantec Threat Intelligence Blog	url:	https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-august-2019	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-patches-six-critical-bugs/147585/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/lenovo-warns-bugs-thinkpads/147338/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/wormable-remote-desktop-bugs-august-patch-tuesday/147302/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/new-bluetooth-knob-flaw-lets-attackers-manipulate-traffic/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/new-bluetooth-knob-flaw-lets-attackers-manipulate-connections/	Trust: 0.1

sources: VULMON: CVE-2019-9506 // CNNVD: CNNVD-201908-864 // JVNDB: JVNDB-2019-007618

EXTERNAL IDS

db:	NVD	id:	CVE-2019-9506	Trust: 3.5
db:	CERT/CC	id:	VU#918987	Trust: 3.4
db:	PACKETSTORM	id:	157216	Trust: 0.8
db:	JVN	id:	JVNVU90240762	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-007618	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-864	Trust: 0.7
db:	PACKETSTORM	id:	156058	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.0141	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1366	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1189	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1366.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4346	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4346.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4676	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0262	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3115	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4252	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1338	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4584	Trust: 0.6
db:	LENOVO	id:	LEN-27173	Trust: 0.6
db:	PACKETSTORM	id:	155017	Trust: 0.2
db:	PACKETSTORM	id:	154949	Trust: 0.2
db:	PACKETSTORM	id:	154936	Trust: 0.2
db:	PACKETSTORM	id:	155004	Trust: 0.2
db:	VULHUB	id:	VHN-160941	Trust: 0.1
db:	VULMON	id:	CVE-2019-9506	Trust: 0.1
db:	PACKETSTORM	id:	155121	Trust: 0.1
db:	PACKETSTORM	id:	154054	Trust: 0.1
db:	PACKETSTORM	id:	154879	Trust: 0.1

sources: CERT/CC: VU#918987 // VULHUB: VHN-160941 // VULMON: CVE-2019-9506 // PACKETSTORM: 156058 // PACKETSTORM: 155121 // PACKETSTORM: 157216 // PACKETSTORM: 155017 // PACKETSTORM: 155004 // PACKETSTORM: 154054 // PACKETSTORM: 154879 // PACKETSTORM: 154936 // PACKETSTORM: 154949 // CNNVD: CNNVD-201908-864 // JVNDB: JVNDB-2019-007618 // NVD: CVE-2019-9506

REFERENCES

url:	https://www.kb.cert.org/vuls/id/918987/	Trust: 2.6
url:	https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli	Trust: 2.6
url:	https://access.redhat.com/errata/rhsa-2020:0204	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:3187	Trust: 2.0
url:	https://access.redhat.com/errata/rhsa-2019:3089	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2019:3165	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2019:3218	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2019:3231	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2019:3309	Trust: 1.9
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en	Trust: 1.8
url:	https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2019/aug/11	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2019/aug/13	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2019/aug/14	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2019/aug/15	Trust: 1.8
url:	http://www.cs.ox.ac.uk/publications/publication12404-abstract.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2975	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3055	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3076	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3217	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3220	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3517	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html	Trust: 1.8
url:	https://usn.ubuntu.com/4115-1/	Trust: 1.8
url:	https://usn.ubuntu.com/4118-1/	Trust: 1.8
url:	https://usn.ubuntu.com/4147-1/	Trust: 1.8
url:	https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9506	Trust: 1.5
url:	https://github.com/francozappa/knob	Trust: 0.9
url:	https://www.bluetooth.com/specifications/adopted-specifications	Trust: 0.8
url:	https://www.usenix.org/system/files/sec19-antonioli.pdf	Trust: 0.8
url:	https://www.icasi.org/br-edr-encryption-key-bluetooth-vulnerability/	Trust: 0.8
url:	http://support.blackberry.com/kb/articledetail?articlenumber=000057251	Trust: 0.8
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.8
url:	https://access.redhat.com/articles/11258	Trust: 0.8
url:	https://access.redhat.com/security/team/contact/	Trust: 0.8
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.8
url:	https://bugzilla.redhat.com/):	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2019-9506	Trust: 0.8
url:	https://access.redhat.com/security/team/key/	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9506	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu90240762/	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190813-bluetooth	Trust: 0.7
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193294-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193295-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html	Trust: 0.6
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193200-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192952-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192951-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192947-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/157216/red-hat-security-advisory-2020-1460-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1338/	Trust: 0.6
url:	https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9506	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-27173	Trust: 0.6
url:	https://support.apple.com/en-us/ht210353	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4676/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4346/	Trust: 0.6
url:	https://support.apple.com/en-us/ht210346	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4252/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4584/	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190828-01-knob-cn	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0141/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0262/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156058/red-hat-security-advisory-2020-0204-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3115/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/bluetooth-br-edr-information-disclosure-via-key-negotiation-30041	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4346.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1189/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1366/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1366.2/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10126	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-10126	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5489	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-16884	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14821	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14821	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-5489	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3900	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16884	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-3900	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/327.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.kb.cert.org/vuls/id/918987	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0154	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12207	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11135	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0155	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0155	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14901	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14816	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14901	Trust: 0.1
url:	https://access.redhat.com/security/vulnerabilities/ifu-page-mce	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-12207	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14816	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11135	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11884	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11884	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3459	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-7222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3874	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10207	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-19985	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13233	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19854	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10207	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3882	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11599	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3874	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13233	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11599	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20169	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20169	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-15916	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3460	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3460	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10638	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19985	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11833	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-19854	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10638	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15916	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3882	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11833	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3459	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:1460	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8691	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16860	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8695	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8692	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8646	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8694	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13118	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8693	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8663	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8656	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8648	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8641	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8660	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8657	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8667	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19860	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8697	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8662	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8661	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3846	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20856	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3846	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20856	Trust: 0.1

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 156058 // PACKETSTORM: 155121 // PACKETSTORM: 157216 // PACKETSTORM: 155017 // PACKETSTORM: 155004 // PACKETSTORM: 154879 // PACKETSTORM: 154936 // PACKETSTORM: 154949

SOURCES

db:	CERT/CC	id:	VU#918987
db:	VULHUB	id:	VHN-160941
db:	VULMON	id:	CVE-2019-9506
db:	PACKETSTORM	id:	156058
db:	PACKETSTORM	id:	155121
db:	PACKETSTORM	id:	157216
db:	PACKETSTORM	id:	155017
db:	PACKETSTORM	id:	155004
db:	PACKETSTORM	id:	154054
db:	PACKETSTORM	id:	154879
db:	PACKETSTORM	id:	154936
db:	PACKETSTORM	id:	154949
db:	CNNVD	id:	CNNVD-201908-864
db:	JVNDB	id:	JVNDB-2019-007618
db:	NVD	id:	CVE-2019-9506

LAST UPDATE DATE

2025-12-22T22:47:45.218000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#918987	date:	2020-05-15T00:00:00
db:	VULHUB	id:	VHN-160941	date:	2021-11-04T00:00:00
db:	VULMON	id:	CVE-2019-9506	date:	2021-11-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-864	date:	2021-11-05T00:00:00
db:	JVNDB	id:	JVNDB-2019-007618	date:	2019-08-16T00:00:00
db:	NVD	id:	CVE-2019-9506	date:	2024-11-21T04:51:45.113

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#918987	date:	2019-08-14T00:00:00
db:	VULHUB	id:	VHN-160941	date:	2019-08-14T00:00:00
db:	VULMON	id:	CVE-2019-9506	date:	2019-08-14T00:00:00
db:	PACKETSTORM	id:	156058	date:	2020-01-23T00:26:55
db:	PACKETSTORM	id:	155121	date:	2019-11-06T15:33:55
db:	PACKETSTORM	id:	157216	date:	2020-04-14T15:40:41
db:	PACKETSTORM	id:	155017	date:	2019-10-29T14:59:12
db:	PACKETSTORM	id:	155004	date:	2019-10-29T14:48:28
db:	PACKETSTORM	id:	154054	date:	2019-08-14T18:32:22
db:	PACKETSTORM	id:	154879	date:	2019-10-16T15:06:37
db:	PACKETSTORM	id:	154936	date:	2019-10-22T17:27:00
db:	PACKETSTORM	id:	154949	date:	2019-10-23T18:29:02
db:	CNNVD	id:	CNNVD-201908-864	date:	2019-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-007618	date:	2019-08-16T00:00:00
db:	NVD	id:	CVE-2019-9506	date:	2019-08-14T17:15:11.597