CVE-2019-9506 — Vulnetix

CVE-2019-9506 PUBLISHED

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

EPSS 4.15% · 88.9th percentile

Risk Scores

EPSS Score

4.15%

88.9th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	linux-hwe	4.15.0-29.31~16.04.1, 4.15.0-55.60~16.04.2, 4.15.0-52.56~16.04.1
Ubuntu:18.04:LTS	linux-gke-5.0	5.0.0-1017.17~18.04.1, 5.0.0-1015.15~18.04.1, 5.0.0-1013.13~18.04.1
Ubuntu:18.04:LTS	linux-oracle	4.15.0-1014.16, 4.15.0-1015.17, 4.15.0-1018.20
Ubuntu:18.04:LTS	linux-hwe	5.0.0-29.31~18.04.1, ,
Ubuntu:16.04:LTS	linux-oracle	4.15.0-1007.9~16.04.1, 4.15.0-1008.10~16.04.1, 4.15.0-1009.11~16.04.1
Ubuntu:16.04:LTS	linux-gcp	0, 4.13.0-1019.23, *
Ubuntu:Pro:14.04:LTS	linux-aws	4.4.0-1024.25, 4.4.0-1025.26, 4.4.0-1027.30
Ubuntu:Pro:FIPS-updates:18.04:LTS	linux-azure-fips	0, 4.15.0-1002.2
Ubuntu:18.04:LTS	linux	4.15.0-47.50, 4.15.0-29.31, 4.15.0-30.32
Ubuntu:18.04:LTS	linux-aws	4.15.0-1011.11, 4.15.0-1010.10, 4.15.0-1037.39
Ubuntu:20.04:LTS	linux-gke	5.4.0-1104.111, 5.4.0-1105.112, 5.4.0-1084.90
Ubuntu:Pro:FIPS:18.04:LTS	linux-azure-fips	0, 4.15.0-1002.2
Ubuntu:Pro:14.04:LTS	linux-azure	4.15.0-1031.32~14.04.1, ,
Ubuntu:18.04:LTS	linux-oem-osp1	5.0.0-1020.22, 5.0.0-1015.16, 5.0.0-1018.20
Ubuntu:18.04:LTS	linux-gcp	4.15.0-1027.28, 4.15.0-1026.27, 4.15.0-1040.42
Ubuntu:Pro:FIPS:18.04:LTS	linux-gcp-fips	4.15.0-1001.1, 0
Ubuntu:Pro:14.04:LTS	linux	3.13.0-66.108, 3.13.0-23.45, 3.13.0-24.46
Ubuntu:18.04:LTS	linux-snapdragon	0, 4.4.0-1077.82, 4.4.0-1078.83
Ubuntu:18.04:LTS	linux-raspi2	4.13.0-1005.5, 4.15.0-1027.29, 0
Ubuntu:Pro:FIPS:16.04:LTS	linux-fips	0, 4.4.0-1010.13, 4.4.0-1015.20

…and 18 more

Exploit Intelligence

Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and BLE [CVE-2019-9506] (github-poc-repo)
Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and BLE [CVE-2019-9506] (github-poc-repo)
Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and BLE [CVE-2019-9506] (github-poc-repo)
Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and BLE [CVE-2019-9506] (github-poc-repo)
Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and BLE [CVE-2019-9506] (github-poc-repo)
Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and BLE [CVE-2019-9506] (github-poc-repo)
Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and BLE [CVE-2019-9506] (github-poc-repo)
Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and BLE [CVE-2019-9506] (github-poc-repo)
Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and BLE [CVE-2019-9506] (github-poc-repo)
Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and BLE [CVE-2019-9506] (github-poc-repo)

…and 27 more exploits

Timeline

Aug 13, 2019 CVE Published
Apr 14, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Dec 17, 2024 EPSS Score
Mar 19, 2025 EPSS Score
Mar 20, 2025 EPSS Score
Mar 27, 2025 EPSS Score
Mar 28, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Jul 16, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2019-9506 third-party-advisory
https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli third-party-advisory
https://knobattack.com/ third-party-advisory
https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/ third-party-advisory
https://ubuntu.com/security/notices/USN-4115-1 vendor-advisory
https://ubuntu.com/security/notices/USN-4118-1 vendor-advisory
https://ubuntu.com/security/notices/USN-4147-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2019-9506 third-party-advisory

Open in Interactive Console →