VDB
CVE-2020-10135
CVE-2020-10135
PUBLISHED
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.
EPSS 20.19% · 95.6th percentile
Risk Scores
EPSS Score
20.19%
95.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | linux-azure-fde-5.15 | 5.15.0-1070.79~20.04.1.1, 5.15.0-1039.46~20.04.1.1, 5.15.0-1038.45~20.04.1.1 |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-azure-fips | 4.15.0-2015.17, 4.15.0-2009.10, 4.15.0-2007.8 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 6.8.0-2019.20, 0 |
| Ubuntu:16.04:LTS | linux | 4.4.0-193.224, 4.4.0-194.226, 4.4.0-186.216 |
| Ubuntu:Pro:14.04:LTS | linux-azure | 4.15.0-1039.41~14.04.2, 4.15.0-1040.44~14.04.1, 4.15.0-1041.45~14.04.1 |
| Ubuntu:18.04:LTS | linux-gcp-5.3 | 5.3.0-1009.10~18.04.1, 0, 5.3.0-1010.11~18.04.1 |
| Ubuntu:16.04:LTS | linux-hwe-edge | 4.8.0-34.36~16.04.1, 4.10.0-14.16~16.04.1, 4.10.0-19.21~16.04.1 |
| Ubuntu:18.04:LTS | linux-aws-5.4 | 5.4.0-1022.22~18.04.1, *, * |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-fips | 4.15.0-1035.40, 4.15.0-1037.42, 4.15.0-1038.43 |
| Ubuntu:18.04:LTS | linux-azure | *, *, * |
| Ubuntu:18.04:LTS | linux-raspi2 | 4.15.0-1068.72, 4.15.0-1073.78, 4.15.0-1074.79 |
| Ubuntu:20.04:LTS | linux-kvm | 5.3.0-1009.10, 5.3.0-1008.9, 0 |
| Ubuntu:18.04:LTS | linux-oracle | 4.15.0-1053.57, 4.15.0-1057.62, 4.15.0-1061.67 |
| Ubuntu:18.04:LTS | linux-gcp-5.4 | 5.4.0-1021.21~18.04.1, 5.4.0-1022.22~18.04.1, 5.4.0-1024.24~18.04.1 |
| Ubuntu:18.04:LTS | linux-aws-5.0 | 0, 5.0.0-1021.24~18.04.1, * |
| Ubuntu:18.04:LTS | linux-hwe-5.4 | 5.4.0-51.56~18.04.1, 5.4.0-45.49~18.04.2, 5.4.0-42.46~18.04.1 |
| Ubuntu:18.04:LTS | linux-gcp-edge | 4.18.0-1008.9~18.04.1, 4.18.0-1004.5~18.04.1, 0 |
| Ubuntu:18.04:LTS | linux-azure-edge | *, *, 4.18.0-1007.7~18.04.1 |
| Ubuntu:Pro:14.04:LTS | linux | 3.13.0-21.43, 3.13.0-23.45, 3.13.0-24.47 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1017.20, 4.15.0-1018.21, 4.15.0-1056.65 |
…and 55 more
Exploit Intelligence
- CVE 2020-10135 a.k.a BIAS (Bluetooth Impersonation Attack) (github-poc)
- CVE 2020-10135 a.k.a BIAS (Bluetooth Impersonation Attack) (github-poc)
- CVE 2020-10135 a.k.a BIAS (Bluetooth Impersonation Attack) (github-poc)
- CVE 2020-10135 a.k.a BIAS (Bluetooth Impersonation Attack) (github-poc)
- CVE 2020-10135 a.k.a BIAS (Bluetooth Impersonation Attack) (github-poc)
- CVE 2020-10135 a.k.a BIAS (Bluetooth Impersonation Attack) (github-poc)
- CVE 2020-10135 a.k.a BIAS (Bluetooth Impersonation Attack) (github-poc)
- http://seclists.org/fulldisclosure/2020/Jun/5 (nist-nvd)
- vuln_scanner.py (github-poc)
- vuln_scanner.py (github-poc)
…and 5 more exploits
Timeline
- May 18, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score
- Sep 15, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-10135 third-party-advisory
- https://francozappa.github.io/about-bias/ third-party-advisory
- https://kb.cert.org/vuls/id/647177/ third-party-advisory
- https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/ third-party-advisory
- https://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html third-party-advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1171988 third-party-advisory
- https://lore.kernel.org/linux-bluetooth/20200520212015.626026-2-luiz.dentz@gmail.com/T/#m3d2012da00716dc280e9725484e8ff1d640d03b5 third-party-advisory
- https://lkml.org/lkml/2020/10/15/98 third-party-advisory
- https://github.com/marcinguy/CVE-2020-10135-BIAS third-party-advisory
- https://ubuntu.com/security/notices/USN-4657-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4658-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4659-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4680-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4752-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-10135 third-party-advisory