VDB

CVE-2020-26557

CVE-2020-26557 PUBLISHED

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time).

EPSS 0.95% · 76.7th percentile

Risk Scores

EPSS Score
0.95%
76.7th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:Realtime:22.04:LTSlinux-intel-iot-realtime5.15.0-1038.40, 5.15.0-1037.39, 5.15.0-1035.37
Ubuntu:22.04:LTSlinux-kvm5.15.0-1053.58, 5.15.0-1090.95, 5.15.0-1084.89
Ubuntu:22.04:LTSlinux-gcp-5.195.19.0-1020.22~22.04.2, 5.19.0-1025.27~22.04.1, *
Ubuntu:22.04:LTSlinux-oracle5.15.0-1081.87, 5.15.0-1079.85, 5.15.0-1060.66
Ubuntu:Pro:18.04:LTSlinux-gcp-5.45.4.0-1150.159~18.04.1, 5.4.0-1153.162~18.04.1, 5.4.0-1154.163~18.04.1
Ubuntu:25.10linux-realtime6.17.0-1006.7, 0, 6.14.0-1002.2
Ubuntu:Pro:18.04:LTSlinux-gcp-4.154.15.0-1096.109, 0, 4.15.0-1071.81
Ubuntu:20.04:LTSlinux-riscv-5.115.11.0-1021.22~20.04.1, 0, 5.11.0-1015.16~20.04.1
Ubuntu:Pro:18.04:LTSlinux4.15.0-74.84, 4.15.0-88.88, 4.15.0-91.92
Ubuntu:Pro:16.04:LTSlinux4.4.0-186.216, 4.4.0-178.208, 4.4.0-176.206
Ubuntu:20.04:LTSlinux-intel-5.135.13.0-1017.19, 5.13.0-1014.15, 5.13.0-1011.11
Ubuntu:22.04:LTSlinux-intel-iotg5.15.0-1080.86, 5.15.0-1084.90, 5.15.0-1088.94
Ubuntu:24.04:LTSlinux-oracle6.8.0-1023.24, 6.8.0-1021.22, 6.8.0-1020.21
Ubuntu:24.04:LTSlinux-riscv-6.176.17.0-14.14.1~24.04.1, 0
Ubuntu:22.04:LTSlinux-ibm-6.86.8.0-1042.42~22.04.1, 6.8.0-1008.8~22.04.1, 6.8.0-1010.10~22.04.1
Ubuntu:24.04:LTSlinux-raspi-realtime0, 6.8.0-2019.20
Ubuntu:Pro:Realtime:24.04:LTSlinux-realtime6.8.1-1039.40, 6.8.1-1038.39, 6.8.1-1036.37
Ubuntu:22.04:LTSlinux-nvidia5.15.0-1078.79, 5.15.0-1077.78, 5.15.0-1076.77
Ubuntu:22.04:LTSlinux-hwe-6.86.8.0-90.91~22.04.1, 6.8.0-84.84~22.04.1, 6.8.0-85.85~22.04.1
Ubuntu:Pro:Realtime:24.04:LTSlinux-realtime-6.146.14.0-1003.3~24.04.3, 6.14.0-1017.17~24.04.1, 6.14.0-1016.16~24.04.1

…and 219 more

Timeline

  • May 24, 2021 CVE Published
  • May 25, 2021 EPSS Score
  • Jul 27, 2021 EPSS Score
  • Nov 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Jan 27, 2022 EPSS Score
  • Mar 30, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 30, 2022 EPSS Score
  • Sep 30, 2022 EPSS Score
  • Dec 1, 2022 EPSS Score
  • Jan 31, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›