ID

VAR-201908-1958


CVE

CVE-2019-9506


TITLE

Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks

Trust: 0.8

sources: CERT/CC: VU#918987

DESCRIPTION

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. Once the entropy is reduced, the attacker can brute-force the encryption key and use it to decrypt communications. Bluetooth BR/EDR is a Bluetooth BR/EDR (Basic Rate/Enhanced Data Rate) standard. An encryption issue vulnerability exists in Bluetooth BR/EDR 5.1 and earlier versions. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text. A weakness in the Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) protocol core specification exposes a vulnerability that could allow for an unauthenticated, adjacent malicious user to perform a man-in-the-middle attack on an encrypted Bluetooth connection. The attack must be performed during negotiation or renegotiation of a paired device connection; existing sessions cannot be attacked. The issue could allow the malicious user to reduce the entropy of the negotiated session key that is used to secure a Bluetooth connection between a paired device and a host device. An attacker who can successfully inject a malicious message into a Bluetooth connection during session negotiation or renegotiation could cause the strength of the session key to be susceptible to brute force attack. This advisory will be updated as additional information becomes available. There are no workarounds that address this vulnerability. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190813-bluetooth. 8) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126) * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) * kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854) * kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) * kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874) * kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882) * kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207) * kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) * kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833) * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) * kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) * kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985) * Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222) * Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1656986 - CVE-2018-19854 kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c 1660375 - CVE-2018-16884 kernel: nfs: use-after-free in svc_process_common() 1660385 - CVE-2018-20169 kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS 1663176 - CVE-2019-3459 kernel: Heap address information leak while using L2CAP_GET_CONF_OPT 1663179 - CVE-2019-3460 kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP 1664110 - CVE-2019-5489 Kernel: page cache side channel attacks 1666106 - CVE-2018-19985 kernel: oob memory read in hso_probe in drivers/net/usb/hso.c 1671930 - CVE-2019-7222 Kernel: KVM: leak of uninitialized stack contents to guest 1678887 - RT: update RT source tree to the RHEL-8.1 tree 1686373 - CVE-2019-3874 kernel: SCTP socket buffer memory leak leading to denial of service 1689426 - CVE-2019-3882 kernel: denial of service vector through vfio DMA mappings 1698757 - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS 1700666 - Make kernel-rt require rt-setup 1705937 - CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping 1709837 - CVE-2019-11884 kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command 1712072 - CVE-2019-11833 kernel: fs/ext4/extents.c leads to information disclosure 1716992 - CVE-2019-10126 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c 1724657 - BUG: scheduling while atomic in zswap 1727756 - CVE-2019-13233 kernel: use-after-free in arch/x86/lib/insn-eval.c 1727857 - CVE-2019-9506 hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) 1728765 - BUG: scheduling while atomic: rcuc/13/134/0x00000002 1729931 - CVE-2019-10638 Kernel: net: weak IP ID generation leads to remote device tracking 1733472 - BUG: scheduling while atomic: rcuc/1/24/0x00000002 1733874 - CVE-2019-10207 kernel: null-pointer dereference in hci_uart_set_flow_control 1743931 - BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 1745646 - [RT] sched/fair: Robustify CFS-bandwidth timer locking 1746708 - CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer 1750813 - CVE-2019-15916 kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service 6. Bug Fix(es): * port show-kabi to python3 (BZ#1806924) 4. 7.6) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * kernel build: parallelize redhat/mod-sign.sh (BZ#1755326) 4. Bug Fix(es): * kernel-rt: update to the RHEL7.7.z batch#2 source tree (BZ#1748570) 4. ========================================================================== Ubuntu Security Notice USN-4147-1 October 04, 2019 linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems - linux-hwe: Linux hardware enablement (HWE) kernel Details: It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service. (CVE-2019-15538) It was discovered that the Hisilicon HNS3 ethernet device driver in the Linux kernel contained an out of bounds access vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2019-15925) It was discovered that the Atheros mobile chipset driver in the Linux kernel did not properly validate data in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2019-15926) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15217) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) It was discovered that the Line 6 USB driver for the Linux kernel contained a race condition when the device was disconnected. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15223) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: linux-image-5.0.0-1018-aws 5.0.0-1018.20 linux-image-5.0.0-1019-kvm 5.0.0-1019.20 linux-image-5.0.0-1019-raspi2 5.0.0-1019.19 linux-image-5.0.0-1020-gcp 5.0.0-1020.20 linux-image-5.0.0-1022-azure 5.0.0-1022.23 linux-image-5.0.0-1023-snapdragon 5.0.0-1023.24 linux-image-5.0.0-31-generic 5.0.0-31.33 linux-image-5.0.0-31-generic-lpae 5.0.0-31.33 linux-image-5.0.0-31-lowlatency 5.0.0-31.33 linux-image-aws 5.0.0.1018.19 linux-image-azure 5.0.0.1022.21 linux-image-gcp 5.0.0.1020.46 linux-image-generic 5.0.0.31.32 linux-image-generic-lpae 5.0.0.31.32 linux-image-gke 5.0.0.1020.46 linux-image-kvm 5.0.0.1019.19 linux-image-lowlatency 5.0.0.31.32 linux-image-raspi2 5.0.0.1019.16 linux-image-snapdragon 5.0.0.1023.16 linux-image-virtual 5.0.0.31.32 Ubuntu 18.04 LTS: linux-image-5.0.0-1020-gke 5.0.0-1020.20~18.04.1 linux-image-5.0.0-31-generic 5.0.0-31.33~18.04.1 linux-image-5.0.0-31-generic-lpae 5.0.0-31.33~18.04.1 linux-image-5.0.0-31-lowlatency 5.0.0-31.33~18.04.1 linux-image-generic-hwe-18.04 5.0.0.31.88 linux-image-generic-lpae-hwe-18.04 5.0.0.31.88 linux-image-gke-5.0 5.0.0.1020.9 linux-image-lowlatency-hwe-18.04 5.0.0.31.88 linux-image-snapdragon-hwe-18.04 5.0.0.31.88 linux-image-virtual-hwe-18.04 5.0.0.31.88 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4147-1 CVE-2019-0136, CVE-2019-10207, CVE-2019-13631, CVE-2019-15090, CVE-2019-15117, CVE-2019-15118, CVE-2019-15211, CVE-2019-15212, CVE-2019-15215, CVE-2019-15217, CVE-2019-15218, CVE-2019-15220, CVE-2019-15221, CVE-2019-15223, CVE-2019-15538, CVE-2019-15925, CVE-2019-15926, CVE-2019-9506 Package Information: https://launchpad.net/ubuntu/+source/linux/5.0.0-31.33 https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1018.20 https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1022.23 https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1020.20 https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1019.20 https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1019.19 https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1023.24 https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1020.20~18.04.1 https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-31.33~18.04.1 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3 watchOS 5.3 addresses the following: Bluetooth Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB) Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Kasper Rasmussen of University of Oxford, England Entry added August 13, 2019 Core Data Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Core Data Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8647: Samuel Groß and Natalie Silvanovich of Google Project Zero Core Data Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project Zero Digital Touch Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8624: Natalie Silvanovich of Google Project Zero FaceTime Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu Foundation Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero Heimdal Available for: Apple Watch Series 1 and later Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst libxslt Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to view sensitive information Description: A stack overflow was addressed with improved input validation. CVE-2019-13118: found by OSS-Fuzz Messages Available for: Apple Watch Series 1 and later Impact: Users removed from an iMessage conversation may still be able to alter state Description: This issue was addressed with improved checks. CVE-2019-8659: Ryan Kontos (@ryanjkontos), Will Christensen of University of Oregon Messages Available for: Apple Watch Series 1 and later Impact: A remote attacker may cause an unexpected application termination Description: A denial of service issue was addressed with improved validation. CVE-2019-8665: Michael Hernandez of XYZ Marketing Quick Look Available for: Apple Watch Series 1 and later Impact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary Description: This issue was addressed with improved checks. CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project Zero Siri Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero UIFoundation Available for: Apple Watch Series 1 and later Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Wallet Available for: Apple Watch Series 1 and later Impact: A user may inadvertently complete an in-app purchase while on the lock screen Description: The issue was addressed with improved UI handling. CVE-2019-8682: Jeff Braswell (JeffBraswell.com) WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative CVE-2019-8672: Samuel Groß of Google Project Zero CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech CVE-2019-8683: lokihardt of Google Project Zero CVE-2019-8684: lokihardt of Google Project Zero CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech, Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL, and Eric Lung (@Khlung1) of VXRL CVE-2019-8688: Insu Yun of SSLab at Georgia Tech CVE-2019-8689: lokihardt of Google Project Zero Additional recognition MobileInstallation We would like to acknowledge Dany Lisiansky (@DanyL931) for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2019:3187-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3187 Issue date: 2019-10-23 CVE Names: CVE-2019-9506 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64 3. Security Fix(es): * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Fix possible Spectre-v1 bugs in wireless code (BZ#1706696) * powerpc/pseries: Disable CPU hotplug across migrations / powerpc/rtas: Fix a potential race between CPU-Offline & Migration (LPM) (BZ#1745436) * powerpc/pseries: Fix unitialized timer reset on migration / powerpc/pseries/mobility: Extend start/stop topology update scope (LPM) (BZ#1745438) * ISST-LTE:PVM:Zeppelin :LPM: Failure logs and stack trace seen during LPM (POWER9/P9) (BZ#1745446) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: kernel-3.10.0-693.60.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.60.1.el7.noarch.rpm kernel-doc-3.10.0-693.60.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.60.1.el7.x86_64.rpm kernel-devel-3.10.0-693.60.1.el7.x86_64.rpm kernel-headers-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.60.1.el7.x86_64.rpm perf-3.10.0-693.60.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm python-perf-3.10.0-693.60.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: kernel-3.10.0-693.60.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.60.1.el7.noarch.rpm kernel-doc-3.10.0-693.60.1.el7.noarch.rpm ppc64le: kernel-3.10.0-693.60.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.60.1.el7.ppc64le.rpm kernel-debug-3.10.0-693.60.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.60.1.el7.ppc64le.rpm kernel-devel-3.10.0-693.60.1.el7.ppc64le.rpm kernel-headers-3.10.0-693.60.1.el7.ppc64le.rpm kernel-tools-3.10.0-693.60.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.60.1.el7.ppc64le.rpm perf-3.10.0-693.60.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm python-perf-3.10.0-693.60.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.60.1.el7.x86_64.rpm kernel-devel-3.10.0-693.60.1.el7.x86_64.rpm kernel-headers-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.60.1.el7.x86_64.rpm perf-3.10.0-693.60.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm python-perf-3.10.0-693.60.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: kernel-3.10.0-693.60.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.60.1.el7.noarch.rpm kernel-doc-3.10.0-693.60.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.60.1.el7.x86_64.rpm kernel-devel-3.10.0-693.60.1.el7.x86_64.rpm kernel-headers-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.60.1.el7.x86_64.rpm perf-3.10.0-693.60.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm python-perf-3.10.0-693.60.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.60.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: kernel-debug-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.60.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.60.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.60.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.60.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.60.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.60.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXbAXitzjgjWX9erEAQh25A/9FrjeF3eVkgGwc/RvTRPF/Qqb44x+l61E KceVqzr3avw9TDoiCA8e35ZYwNBvpN6YW/VDiI0vSyj2nQp57xFK48ybhUvXGUKL A2dXn793a3ZBKIp4wVVQKyjBsAI31MT/AZDKrzlugszWlV25u/mc2tC4Yndbe+8e Lbwf2VvKdvtlH26Cadv1UN9YsnmtQuNdGp9NrRbttTCW9rMmHtkoQ/yT4rcS/7Fl 1tu2j2Yoi0GEG9wXWda7cbpd2jLCcpjwIYnrjRNOuMNVSugRKRcAY1rMwpL5dVpA rx2bi3X3HhCpGTgZSJbl9fz2f1J71o9WoUSybaT36Uc50iOs7anoHc82XPGFvkak xg+mkIVNkwGxW9pkum8tZANjhDwyGJl0bpS98zkzpNiBqdrGdN4V9qMmhqmEa/lT lQ7haJR1rqboIzS5uSpTL/a79blwDjnMNsZ3D+c6xFfjsq8yu1zGfDWBbMdoc1Zo 3CNT4+pdBr5ASdlE7R3G+8Zx77WSK2MLxRnzzHBF6KphF4LOOUJmefpZ0KQRGkN8 zOKjvsynVKSzqt++WJrij+U74KL65PZokF8kKSc0yDhgYRaeqK6QIwe+Dbn/YUsn RNBi1ZoILHB9nMxbT5OlEVf/0EJl7oD1zINT0n7S8b86gRnfHdMLlvZ1Kcfjs0Sy Vdo262+aA6k= =FkCN -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.7

sources: NVD: CVE-2019-9506 // CERT/CC: VU#918987 // VULHUB: VHN-160941 // VULMON: CVE-2019-9506 // PACKETSTORM: 155121 // PACKETSTORM: 157216 // PACKETSTORM: 155017 // PACKETSTORM: 155147 // PACKETSTORM: 155004 // PACKETSTORM: 154879 // PACKETSTORM: 154936 // PACKETSTORM: 154740 // PACKETSTORM: 154056 // PACKETSTORM: 154949

AFFECTED PRODUCTS

vendor:huaweimodel:cornell-tl10bscope:ltversion:9.1.0.333\(c01e333r1p1t8\)

Trust: 1.0

vendor:huaweimodel:p30scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:lelandp-l22dscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:leland-tl10bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:columbia-tl00dscope:ltversion:8.1.0.186\(c01gt\)

Trust: 1.0

vendor:huaweimodel:y6 2019scope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.04

Trust: 1.0

vendor:applemodel:tvosscope:eqversion:12.4

Trust: 1.0

vendor:huaweimodel:cairogo-l22scope:ltversion:cairogo-l22c461b153

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:huaweimodel:princeton-tl10cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:ever-l29bscope:ltversion:9.1.0.338\(c185e3r3p1\)

Trust: 1.0

vendor:huaweimodel:princeton-al10dscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:cornell-l29ascope:ltversion:9.1.0.341\(c185e1r1p9t8\)

Trust: 1.0

vendor:huaweimodel:emily-l29cscope:ltversion:9.1.0.325\(c185e2r1p12t8\)

Trust: 1.0

vendor:huaweimodel:leland-l32cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:yale-tl00bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:berkeley-l09scope:ltversion:9.1.0.350\(c10e3r1p14t8\)

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 1.0

vendor:huaweimodel:bla-l29cscope:ltversion:9.1.0.307\(c635e4r1p13t8\)

Trust: 1.0

vendor:redhatmodel:virtualization host eusscope:eqversion:4.2

Trust: 1.0

vendor:huaweimodel:nova 3scope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:7.7

Trust: 1.0

vendor:huaweimodel:laya-al00epscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:bla-l29cscope:ltversion:9.1.0.306\(c432e4r1p11t8\)

Trust: 1.0

vendor:huaweimodel:figo-l31scope:ltversion:9.1.0.158\(c432e8r1p5t8\)

Trust: 1.0

vendor:huaweimodel:charlotte-l29cscope:ltversion:9.1.0.328\(c782e10r1p9t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:7.6

Trust: 1.0

vendor:huaweimodel:berkeley-l09scope:ltversion:9.1.0.332\(c432e5r1p13t8\)

Trust: 1.0

vendor:huaweimodel:lelandp-l22cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:ares-al10dscope:ltversion:9.1.0.160\(c00e160r2p5t8\)

Trust: 1.0

vendor:huaweimodel:y6 prime 2018scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydney-l21scope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:huaweimodel:cornell-al00indscope:ltversion:8.2.0.141\(c675custc675d1gt\)

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.0

Trust: 1.0

vendor:huaweimodel:paris-al00icscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:atomu-l42scope:ltversion:8.0.0.155\(c636custc636d1\)

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.3

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.155\(c10e2r3p1\)

Trust: 1.0

vendor:huaweimodel:madrid-tl00ascope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:8.0

Trust: 1.0

vendor:redhatmodel:enterprise linux ausscope:eqversion:7.5

Trust: 1.0

vendor:redhatmodel:enterprise linux for real time for nfvscope:eqversion:8

Trust: 1.0

vendor:huaweimodel:florida-l21scope:ltversion:9.1.0.150\(c185e6r1p5t8\)

Trust: 1.0

vendor:huaweimodel:columbia-l29dscope:ltversion:9.1.0.350\(c636e3r1p13t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:8.4

Trust: 1.0

vendor:huaweimodel:figo-l31scope:ltversion:9.1.0.137\(c33e8r1p5t8\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.171\(c10e2r3p1\)

Trust: 1.0

vendor:huaweimodel:leland-tl10cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:madrid-al00ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:cornell-al10indscope:ltversion:9.1.0.363\(c675e2r1p9t8\)

Trust: 1.0

vendor:huaweimodel:nova 5i proscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:jakarta-al00ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:yale-l21ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:cornell-al00ascope:ltversion:9.1.0.333\(c00e333r1p1t8\)

Trust: 1.0

vendor:huaweimodel:columbia-l29dscope:ltversion:9.1.0.351\(c432e5r1p13t8\)

Trust: 1.0

vendor:huaweimodel:nova lite 3scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.172\(c432e2r5p1\)

Trust: 1.0

vendor:redhatmodel:enterprise linux tusscope:eqversion:7.6

Trust: 1.0

vendor:huaweimodel:cornell-l29ascope:ltversion:9.1.0.336\(c636e2r1p12t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux for real timescope:eqversion:7

Trust: 1.0

vendor:huaweimodel:sydney-l22scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:dura-tl00ascope:ltversion:1.0.0.176\(c01\)

Trust: 1.0

vendor:huaweimodel:p20scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:y9 2019scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:potter-al00cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:florida-tl10bscope:ltversion:9.1.0.128\(c01e112r1p6t8\)

Trust: 1.0

vendor:huaweimodel:sydneym-l22scope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.7

Trust: 1.0

vendor:huaweimodel:lelandp-al10bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:berkeley-tl10scope:ltversion:9.1.0.333\(c01e333r1p1t8\)

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:8.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.6

Trust: 1.0

vendor:huaweimodel:p30 proscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:cornell-l29ascope:ltversion:9.1.0.342\(c461e1r1p9t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.4

Trust: 1.0

vendor:huaweimodel:figo-l23scope:ltversion:9.1.0.160\(c605e6r1p5t8\)

Trust: 1.0

vendor:huaweimodel:imanager neteco 6000scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:berkeley-l09scope:ltversion:9.1.0.350\(c636e4r1p13t8\)

Trust: 1.0

vendor:huaweimodel:emily-l29cscope:ltversion:9.1.0.328\(c432e7r1p11t8\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.154\(c432e2r5p1\)

Trust: 1.0

vendor:huaweimodel:tony-tl00bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:harry-al00cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:florida-l22scope:ltversion:9.1.0.150\(c636e6r1p5t8\)

Trust: 1.0

vendor:huaweimodel:honor 20scope:ltversion:9.1.0.149\(c675e8r2p1\)

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:8.2

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.170\(c185e2r5p1\)

Trust: 1.0

vendor:huaweimodel:nova 5scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:leland-l42cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:honor 8ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:lelandp-al10dscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:figo-tl10bscope:ltversion:9.1.0.130\(c01e115r2p8t8\)

Trust: 1.0

vendor:huaweimodel:tony-al00bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:bla-l29cscope:ltversion:9.1.0.306\(c185e2r1p13t8\)

Trust: 1.0

vendor:huaweimodel:london-al40indscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:harry-al10bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:johnson-tl00dscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:alp-al00bscope:ltversion:9.1.0.333\(c00e333r2p1t8\)

Trust: 1.0

vendor:huaweimodel:emily-l29cscope:ltversion:9.1.0.326\(c635e2r1p11t8\)

Trust: 1.0

vendor:huaweimodel:p smartscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:8.1

Trust: 1.0

vendor:huaweimodel:asoka-al00axscope:ltversion:9.1.1.181\(c00e48r6p1\)

Trust: 1.0

vendor:huaweimodel:columbia-al10iscope:ltversion:9.1.0.335\(c675e8r1p9t8\)

Trust: 1.0

vendor:huaweimodel:sydneym-l23scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:ares-tl00cscope:ltversion:9.1.0.165\(c01e165r2p5t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux for real time for nfv eusscope:eqversion:8.2

Trust: 1.0

vendor:huaweimodel:cornell-l29ascope:ltversion:9.1.0.347\(c432e1r1p9t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux for real time eusscope:eqversion:8.2

Trust: 1.0

vendor:huaweimodel:katyusha-al00ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:paris-l29bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydneym-l01scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:florida-al20bscope:ltversion:9.1.0.128\(c00e112r1p6t8\)

Trust: 1.0

vendor:huaweimodel:columbia-l29dscope:ltversion:9.1.0.350\(c185e3r1p12t8\)

Trust: 1.0

vendor:huaweimodel:potter-al10ascope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:huaweimodel:yale-l61cscope:eqversion: -

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:12.4

Trust: 1.0

vendor:huaweimodel:sydney-l22brscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydneym-al00scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:charlotte-l29cscope:ltversion:9.1.0.328\(c432e5r1p9t8\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.170\(c636e2r3p1\)

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:8.4

Trust: 1.0

vendor:huaweimodel:dubai-al00ascope:ltversion:8.2.0.190\(c00r2p2\)

Trust: 1.0

vendor:googlemodel:androidscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:charlotte-l29cscope:ltversion:9.1.0.311\(c605e2r1p11t8\)

Trust: 1.0

vendor:huaweimodel:honor 20scope:ltversion:9.1.0.143\(c675e8r2p1\)

Trust: 1.0

vendor:huaweimodel:hima-l29cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:atomu-l33scope:ltversion:8.0.0.147\(c605custc605d1\)

Trust: 1.0

vendor:redhatmodel:enterprise linux for real time for nfvscope:eqversion:7

Trust: 1.0

vendor:huaweimodel:bla-tl00bscope:ltversion:9.1.0.329\(c01e320r1p1t8\)

Trust: 1.0

vendor:huaweimodel:emily-l29cscope:ltversion:9.1.0.325\(c636e7r1p13t8\)

Trust: 1.0

vendor:huaweimodel:dura-al00ascope:ltversion:1.0.0.182\(c00\)

Trust: 1.0

vendor:huaweimodel:charlotte-l29cscope:ltversion:9.1.0.325\(c636e2r1p12t8\)

Trust: 1.0

vendor:huaweimodel:emily-l29cscope:eqversion:8.1.0.156\(c605\)

Trust: 1.0

vendor:huaweimodel:p smart 2019scope:eqversion: -

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.5

Trust: 1.0

vendor:huaweimodel:harry-tl00cscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux for real timescope:eqversion:8

Trust: 1.0

vendor:huaweimodel:y6 pro 2019scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:honor view 10scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:berkeley-al20scope:ltversion:9.1.0.333\(c00e333r2p1t8\)

Trust: 1.0

vendor:huaweimodel:johnson-tl00fscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:figo-l31scope:ltversion:9.1.0.122\(c09e7r1p5t8\)

Trust: 1.0

vendor:huaweimodel:columbia-l29dscope:ltversion:9.1.0.350\(c10e5r1p14t8\)

Trust: 1.0

vendor:huaweimodel:yalep-al10bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:florida-l23scope:ltversion:9.1.0.154\(c605e7r1p2t8\)

Trust: 1.0

vendor:huaweimodel:yale-al50ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:emily-l29cscope:ltversion:9.1.0.311\(c461e2r1p11t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux for real time for nfv eusscope:eqversion:8.4

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.7

Trust: 1.0

vendor:redhatmodel:enterprise linux for real time eusscope:eqversion:8.4

Trust: 1.0

vendor:huaweimodel:honor 8xscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:figo-l31scope:eqversion:8.0.0.122d\(c652\)

Trust: 1.0

vendor:huaweimodel:mate 20 xscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:cornell-al00iscope:ltversion:9.1.0.363\(c675e3r1p9t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.4

Trust: 1.0

vendor:huaweimodel:nova 4scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:leland-l42ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydney-al00scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:figo-l31scope:ltversion:9.1.0.165\(c10e8r1p5t8\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.154\(c636e2r3p1\)

Trust: 1.0

vendor:huaweimodel:columbia-l29dscope:ltversion:9.1.0.350\(c461e3r1p11t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:8.2

Trust: 1.0

vendor:huaweimodel:leland-l32ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:neo-al00dscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydneym-l03scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.154\(c185e2r5p1\)

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 1.0

vendor:huaweimodel:bla-l29cscope:ltversion:9.1.0.300\(c605e2r1p12t8\)

Trust: 1.0

vendor:huaweimodel:lelandp-l22ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:charlotte-l29cscope:ltversion:9.1.0.325\(c185e4r1p11t8\)

Trust: 1.0

vendor:huaweimodel:leland-l31ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:atomu-l41scope:ltversion:8.0.0.153\(c461custc461d1\)

Trust: 1.0

vendor:huaweimodel:imanager netecoscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:paris-l21bscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.3

Trust: 1.0

vendor:huaweimodel:mate 20 proscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:mrg realtimescope:eqversion:2.0

Trust: 1.0

vendor:huaweimodel:y5 2018scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:yale-al00ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydney-tl00scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:bla-l29cscope:ltversion:9.1.0.306\(c636e2r1p13t8\)

Trust: 1.0

vendor:huaweimodel:lelandp-al00cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydney-l21brscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:columbia-al10bscope:ltversion:9.1.0.333\(c00e333r1p1t8\)

Trust: 1.0

vendor:huaweimodel:p20 proscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:honor view 20scope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:8.4

Trust: 1.0

vendor:huaweimodel:barca-al00scope:ltversion:8.0.0.366\(c00\)

Trust: 1.0

vendor:huaweimodel:leland-l21ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:paris-l21mebscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:princeton-al10bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:florida-l21scope:ltversion:9.1.0.150\(c432e6r1p5t8\)

Trust: 1.0

vendor:huaweimodel:ares-al00bscope:ltversion:9.1.0.160\(c00e160r2p5t8\)

Trust: 1.0

vendor:huaweimodel:mate 20scope:eqversion: -

Trust: 1.0

vendor:applemodel:watchosscope:eqversion:5.3

Trust: 1.0

vendor:huaweimodel:honor 10 litescope:eqversion: -

Trust: 1.0

vendor:huaweimodel:y5 litescope:eqversion: -

Trust: 1.0

vendor:huaweimodel:bla-al00bscope:ltversion:9.1.0.329\(c786e320r2p1t8\)

Trust: 1.0

vendor:huaweimodel:figo-l31scope:ltversion:9.1.0.137\(c530e8r1p5t8\)

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:huaweimodel:y7 2019scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydneym-l21scope:eqversion: -

Trust: 1.0

vendor:blackberrymodel: - scope: - version: -

Trust: 0.8

vendor:bluetooth sigmodel: - scope: - version: -

Trust: 0.8

sources: CERT/CC: VU#918987 // NVD: CVE-2019-9506

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9506
value: HIGH

Trust: 1.0

cret@cert.org: CVE-2019-9506
value: HIGH

Trust: 1.0

NVD: CVE-2019-9506
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-864
value: HIGH

Trust: 0.6

VULHUB: VHN-160941
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-9506
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-9506
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2019-9506
severity: HIGH
baseScore: 7.8
vectorString: NONE
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-160941
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9506
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

cret@cert.org: CVE-2019-9506
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 4.7
version: 3.0

Trust: 1.0

sources: CERT/CC: VU#918987 // VULHUB: VHN-160941 // VULMON: CVE-2019-9506 // CNNVD: CNNVD-201908-864 // NVD: CVE-2019-9506 // NVD: CVE-2019-9506

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.1

problemtype:CWE-327

Trust: 1.1

sources: VULHUB: VHN-160941 // NVD: CVE-2019-9506

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201908-864

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-864

PATCH

title:Bluetooth Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96553

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2019/08/22/cisco_patch_bundle/

Trust: 0.2

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193187 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kpatch-patch security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193231 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192975 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel-rt security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193165 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193218 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201460 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193220 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel-rt security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193089 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193055 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel-alt security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193217 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kpatch-patch security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193076 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2019-9506url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-9506

Trust: 0.1

title:Cisco: Key Negotiation of Bluetooth Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190813-bluetooth

Trust: 0.1

title:HP: HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBPI03634

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200204 - Security Advisory

Trust: 0.1

title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=814c3d5b0bc03fc1c34e62dbc5cf6bf7

Trust: 0.1

title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=20bba81176880ee641f9d46354adc125

Trust: 0.1

title:Red Hat: Important: kernel security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193517 - Security Advisory

Trust: 0.1

title:Huawei Security Advisories: Security Advisory - Key Negotiation of Bluetooth (KNOB) Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=4da976eef66883f5331725800e5cf063

Trust: 0.1

title:Red Hat: Important: kernel-rt security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193309 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4147-1

Trust: 0.1

title:Fortinet Security Advisories: CVE-2019-9506 Encryption Key Negotiation of Bluetooth Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-19-224

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 regressionurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4115-2

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4115-1

Trust: 0.1

title:Ubuntu Security Notice: linux-aws vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4118-1

Trust: 0.1

title:knoburl:https://github.com/francozappa/knob

Trust: 0.1

title:bluetooth-KNOBurl:https://github.com/u10427687/bluetooth-KNOB

Trust: 0.1

title: - url:https://github.com/makaubenson/Fix-BT-Ubuntu

Trust: 0.1

title:broadcom-bt-firmwareurl:https://github.com/winterheart/broadcom-bt-firmware

Trust: 0.1

title:broadcom-bt-firmwareurl:https://github.com/AlexandrBing/broadcom-bt-firmware

Trust: 0.1

title:Protocol-Vulurl:https://github.com/WinMin/Protocol-Vul

Trust: 0.1

title:awesome-bluetooth-securityurl:https://github.com/engn33r/awesome-bluetooth-security

Trust: 0.1

title: - url:https://github.com/JeffroMF/awesome-bluetooth-security321

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title:CVE-POCurl:https://github.com/0xT11/CVE-POC

Trust: 0.1

title: - url:https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

title:Symantec Threat Intelligence Blogurl:https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-august-2019

Trust: 0.1

title:Threatposturl:https://threatpost.com/cisco-patches-six-critical-bugs/147585/

Trust: 0.1

title:Threatposturl:https://threatpost.com/lenovo-warns-bugs-thinkpads/147338/

Trust: 0.1

title:Threatposturl:https://threatpost.com/wormable-remote-desktop-bugs-august-patch-tuesday/147302/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/new-bluetooth-knob-flaw-lets-attackers-manipulate-traffic/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/new-bluetooth-knob-flaw-lets-attackers-manipulate-connections/

Trust: 0.1

sources: VULMON: CVE-2019-9506 // CNNVD: CNNVD-201908-864

EXTERNAL IDS

db:NVDid:CVE-2019-9506

Trust: 2.8

db:CERT/CCid:VU#918987

Trust: 2.6

db:PACKETSTORMid:157216

Trust: 0.8

db:CNNVDid:CNNVD-201908-864

Trust: 0.7

db:AUSCERTid:ESB-2020.0141

Trust: 0.6

db:AUSCERTid:ESB-2020.1366

Trust: 0.6

db:AUSCERTid:ESB-2020.1189

Trust: 0.6

db:AUSCERTid:ESB-2020.1366.2

Trust: 0.6

db:AUSCERTid:ESB-2019.4346

Trust: 0.6

db:AUSCERTid:ESB-2019.4346.2

Trust: 0.6

db:AUSCERTid:ESB-2019.4676

Trust: 0.6

db:AUSCERTid:ESB-2020.0262

Trust: 0.6

db:AUSCERTid:ESB-2019.3115

Trust: 0.6

db:AUSCERTid:ESB-2019.4252

Trust: 0.6

db:AUSCERTid:ESB-2020.1338

Trust: 0.6

db:AUSCERTid:ESB-2019.4584

Trust: 0.6

db:PACKETSTORMid:156058

Trust: 0.6

db:LENOVOid:LEN-27173

Trust: 0.6

db:PACKETSTORMid:155017

Trust: 0.2

db:PACKETSTORMid:154949

Trust: 0.2

db:PACKETSTORMid:154936

Trust: 0.2

db:PACKETSTORMid:155004

Trust: 0.2

db:VULHUBid:VHN-160941

Trust: 0.1

db:VULMONid:CVE-2019-9506

Trust: 0.1

db:PACKETSTORMid:155121

Trust: 0.1

db:PACKETSTORMid:155147

Trust: 0.1

db:PACKETSTORMid:154879

Trust: 0.1

db:PACKETSTORMid:154740

Trust: 0.1

db:PACKETSTORMid:154056

Trust: 0.1

sources: CERT/CC: VU#918987 // VULHUB: VHN-160941 // VULMON: CVE-2019-9506 // PACKETSTORM: 155121 // PACKETSTORM: 157216 // PACKETSTORM: 155017 // PACKETSTORM: 155147 // PACKETSTORM: 155004 // PACKETSTORM: 154879 // PACKETSTORM: 154936 // PACKETSTORM: 154740 // PACKETSTORM: 154056 // PACKETSTORM: 154949 // CNNVD: CNNVD-201908-864 // NVD: CVE-2019-9506

REFERENCES

url:https://access.redhat.com/errata/rhsa-2020:0204

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3187

Trust: 2.0

url:https://access.redhat.com/errata/rhsa-2019:3089

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3165

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3218

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3231

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3309

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3517

Trust: 1.9

url:https://www.kb.cert.org/vuls/id/918987/

Trust: 1.8

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en

Trust: 1.8

url:https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/aug/11

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/aug/13

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/aug/14

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/aug/15

Trust: 1.8

url:http://www.cs.ox.ac.uk/publications/publication12404-abstract.html

Trust: 1.8

url:https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2975

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3055

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3076

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3217

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3220

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html

Trust: 1.8

url:https://usn.ubuntu.com/4115-1/

Trust: 1.8

url:https://usn.ubuntu.com/4118-1/

Trust: 1.8

url:https://usn.ubuntu.com/4147-1/

Trust: 1.8

url:https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9506

Trust: 1.6

url:https://github.com/francozappa/knob

Trust: 0.9

url:https://www.bluetooth.com/specifications/adopted-specifications

Trust: 0.8

url:https://www.usenix.org/system/files/sec19-antonioli.pdf

Trust: 0.8

url:https://www.icasi.org/br-edr-encryption-key-bluetooth-vulnerability/

Trust: 0.8

url:http://support.blackberry.com/kb/articledetail?articlenumber=000057251

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.8

url:https://access.redhat.com/articles/11258

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2019-9506

Trust: 0.8

url:https://access.redhat.com/security/team/key/

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190813-bluetooth

Trust: 0.7

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193294-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193295-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html

Trust: 0.6

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193200-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192952-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192951-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192947-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/157216/red-hat-security-advisory-2020-1460-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1338/

Trust: 0.6

url:https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9506

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-27173

Trust: 0.6

url:https://support.apple.com/en-us/ht210353

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4676/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4346/

Trust: 0.6

url:https://support.apple.com/en-us/ht210346

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4252/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4584/

Trust: 0.6

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190828-01-knob-cn

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0141/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0262/

Trust: 0.6

url:https://packetstormsecurity.com/files/156058/red-hat-security-advisory-2020-0204-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3115/

Trust: 0.6

url:https://vigilance.fr/vulnerability/bluetooth-br-edr-information-disclosure-via-key-negotiation-30041

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4346.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1189/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1366/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1366.2/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-10207

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-10126

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-10126

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-5489

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11884

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11884

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-3459

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-7222

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-16884

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-3874

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-10207

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-19985

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13233

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14821

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-19854

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-3882

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11599

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-3874

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13233

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11599

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14821

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-20169

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-20169

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-15916

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-3460

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5489

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-3460

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-10638

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-7222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-19985

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11833

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-3900

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-19854

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-10638

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-15916

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-3882

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-16884

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11833

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-3459

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-3900

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/327.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.kb.cert.org/vuls/id/918987

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1460

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1593

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-1593

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3846

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20856

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3846

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20856

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15223

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.0.0-31.33

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15538

Trust: 0.1

url:https://usn.ubuntu.com/4147-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15118

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15090

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15217

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13631

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15925

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1023.24

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-31.33~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1020.20

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15117

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15220

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1019.19

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15211

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1018.20

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15926

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15218

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1022.23

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15215

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1020.20~18.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0136

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1019.20

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15212

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8659

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16860

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8669

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8646

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8688

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13118

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8672

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8648

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8647

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8684

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8683

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8624

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8682

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8665

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8660

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8657

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8689

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8676

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8685

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8662

Trust: 0.1

sources: CERT/CC: VU#918987 // VULHUB: VHN-160941 // VULMON: CVE-2019-9506 // PACKETSTORM: 155121 // PACKETSTORM: 157216 // PACKETSTORM: 155017 // PACKETSTORM: 155147 // PACKETSTORM: 155004 // PACKETSTORM: 154879 // PACKETSTORM: 154936 // PACKETSTORM: 154740 // PACKETSTORM: 154056 // PACKETSTORM: 154949 // CNNVD: CNNVD-201908-864 // NVD: CVE-2019-9506

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 155121 // PACKETSTORM: 157216 // PACKETSTORM: 155017 // PACKETSTORM: 155147 // PACKETSTORM: 155004 // PACKETSTORM: 154879 // PACKETSTORM: 154936 // PACKETSTORM: 154949

SOURCES

db:CERT/CCid:VU#918987
db:VULHUBid:VHN-160941
db:VULMONid:CVE-2019-9506
db:PACKETSTORMid:155121
db:PACKETSTORMid:157216
db:PACKETSTORMid:155017
db:PACKETSTORMid:155147
db:PACKETSTORMid:155004
db:PACKETSTORMid:154879
db:PACKETSTORMid:154936
db:PACKETSTORMid:154740
db:PACKETSTORMid:154056
db:PACKETSTORMid:154949
db:CNNVDid:CNNVD-201908-864
db:NVDid:CVE-2019-9506

LAST UPDATE DATE

2025-06-12T21:36:03.810000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#918987date:2020-05-15T00:00:00
db:VULHUBid:VHN-160941date:2021-11-04T00:00:00
db:VULMONid:CVE-2019-9506date:2021-11-04T00:00:00
db:CNNVDid:CNNVD-201908-864date:2021-11-05T00:00:00
db:NVDid:CVE-2019-9506date:2024-11-21T04:51:45.113

SOURCES RELEASE DATE

db:CERT/CCid:VU#918987date:2019-08-14T00:00:00
db:VULHUBid:VHN-160941date:2019-08-14T00:00:00
db:VULMONid:CVE-2019-9506date:2019-08-14T00:00:00
db:PACKETSTORMid:155121date:2019-11-06T15:33:55
db:PACKETSTORMid:157216date:2020-04-14T15:40:41
db:PACKETSTORMid:155017date:2019-10-29T14:59:12
db:PACKETSTORMid:155147date:2019-11-06T15:49:15
db:PACKETSTORMid:155004date:2019-10-29T14:48:28
db:PACKETSTORMid:154879date:2019-10-16T15:06:37
db:PACKETSTORMid:154936date:2019-10-22T17:27:00
db:PACKETSTORMid:154740date:2019-10-05T14:13:57
db:PACKETSTORMid:154056date:2019-08-14T20:32:22
db:PACKETSTORMid:154949date:2019-10-23T18:29:02
db:CNNVDid:CNNVD-201908-864date:2019-08-13T00:00:00
db:NVDid:CVE-2019-9506date:2019-08-14T17:15:11.597