VDB
CVE-2020-26557
CVE-2020-26557
PUBLISHED
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time).
EPSS 0.95% · 76.7th percentile
Risk Scores
EPSS Score
0.95%
76.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:Realtime:22.04:LTS | linux-intel-iot-realtime | 5.15.0-1038.40, 5.15.0-1037.39, 5.15.0-1035.37 |
| Ubuntu:22.04:LTS | linux-kvm | 5.15.0-1053.58, 5.15.0-1090.95, 5.15.0-1084.89 |
| Ubuntu:22.04:LTS | linux-gcp-5.19 | 5.19.0-1020.22~22.04.2, 5.19.0-1025.27~22.04.1, * |
| Ubuntu:22.04:LTS | linux-oracle | 5.15.0-1081.87, 5.15.0-1079.85, 5.15.0-1060.66 |
| Ubuntu:Pro:18.04:LTS | linux-gcp-5.4 | 5.4.0-1150.159~18.04.1, 5.4.0-1153.162~18.04.1, 5.4.0-1154.163~18.04.1 |
| Ubuntu:25.10 | linux-realtime | 6.17.0-1006.7, 0, 6.14.0-1002.2 |
| Ubuntu:Pro:18.04:LTS | linux-gcp-4.15 | 4.15.0-1096.109, 0, 4.15.0-1071.81 |
| Ubuntu:20.04:LTS | linux-riscv-5.11 | 5.11.0-1021.22~20.04.1, 0, 5.11.0-1015.16~20.04.1 |
| Ubuntu:Pro:18.04:LTS | linux | 4.15.0-74.84, 4.15.0-88.88, 4.15.0-91.92 |
| Ubuntu:Pro:16.04:LTS | linux | 4.4.0-186.216, 4.4.0-178.208, 4.4.0-176.206 |
| Ubuntu:20.04:LTS | linux-intel-5.13 | 5.13.0-1017.19, 5.13.0-1014.15, 5.13.0-1011.11 |
| Ubuntu:22.04:LTS | linux-intel-iotg | 5.15.0-1080.86, 5.15.0-1084.90, 5.15.0-1088.94 |
| Ubuntu:24.04:LTS | linux-oracle | 6.8.0-1023.24, 6.8.0-1021.22, 6.8.0-1020.21 |
| Ubuntu:24.04:LTS | linux-riscv-6.17 | 6.17.0-14.14.1~24.04.1, 0 |
| Ubuntu:22.04:LTS | linux-ibm-6.8 | 6.8.0-1042.42~22.04.1, 6.8.0-1008.8~22.04.1, 6.8.0-1010.10~22.04.1 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 0, 6.8.0-2019.20 |
| Ubuntu:Pro:Realtime:24.04:LTS | linux-realtime | 6.8.1-1039.40, 6.8.1-1038.39, 6.8.1-1036.37 |
| Ubuntu:22.04:LTS | linux-nvidia | 5.15.0-1078.79, 5.15.0-1077.78, 5.15.0-1076.77 |
| Ubuntu:22.04:LTS | linux-hwe-6.8 | 6.8.0-90.91~22.04.1, 6.8.0-84.84~22.04.1, 6.8.0-85.85~22.04.1 |
| Ubuntu:Pro:Realtime:24.04:LTS | linux-realtime-6.14 | 6.14.0-1003.3~24.04.3, 6.14.0-1017.17~24.04.1, 6.14.0-1016.16~24.04.1 |
…and 219 more
Timeline
- May 24, 2021 CVE Published
- May 25, 2021 EPSS Score
- Jul 27, 2021 EPSS Score
- Nov 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 27, 2022 EPSS Score
- Mar 30, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 30, 2022 EPSS Score
- Sep 30, 2022 EPSS Score
- Dec 1, 2022 EPSS Score
- Jan 31, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-26557 third-party-advisory
- https://kb.cert.org/vuls/id/799380 third-party-advisory
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/predicatable-authvalue/ third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1960009 third-party-advisory
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-26557 third-party-advisory