CVE-2020-26559
PUBLISHED
Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue.
EPSS 1.27% · 79.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:24.04:LTS | linux-azure-6.14 | *, 6.14.0-1017.17~24.04.1, 6.14.0-1013.13~24.04.1 |
| Ubuntu:Pro:20.04:LTS | linux-gcp | 5.4.0-1154.163, 5.4.0-1157.166, 5.4.0-1156.165 |
| Ubuntu:22.04:LTS | linux-azure | 5.15.0-1073.82, 5.15.0-1070.79, 5.15.0-1097.106 |
| Ubuntu:18.04:LTS | linux-azure-5.3 | 0, 5.3.0-1008.9~18.04.1, 5.3.0-1009.10~18.04.1 |
| Ubuntu:22.04:LTS | linux-nvidia | 5.15.0-1086.87, 5.15.0-1087.88, 5.15.0-1088.89 |
| Ubuntu:22.04:LTS | linux-azure-fde-5.19 | *, 5.19.0-1026.29~22.04.1.1, 5.19.0-1027.30~22.04.2.1 |
| Ubuntu:Pro:20.04:LTS | linux-oracle-5.15 | 5.15.0-1047.53~20.04.1, 0, 5.15.0-1007.9~20.04.1 |
| Ubuntu:22.04:LTS | linux-gcp-6.8 | 6.8.0-1042.45~22.04.1, 0, 6.8.0-1021.23~22.04.1 |
| Ubuntu:24.04:LTS | linux-gkeop | 6.8.0-1023.25, 6.8.0-1016.18, 6.8.0-1014.16 |
| Ubuntu:24.04:LTS | linux-gcp-6.11 | 0, 6.11.0-1006.6~24.04.2, 6.11.0-1011.11~24.04.1 |
| Ubuntu:22.04:LTS | linux-aws-6.8 | 6.8.0-1031.33~22.04.1, *, * |
| Ubuntu:Pro:FIPS:20.04:LTS | linux-aws-fips | 0, 5.4.0-1021.21+fips2 |
| Ubuntu:22.04:LTS | linux-nvidia-tegra | 5.15.0-1012.12, 5.15.0-1020.20, 5.15.0-1040.40 |
| Ubuntu:20.04:LTS | linux-oem-5.14 | 5.14.0-1048.55, 5.14.0-1050.57, 5.14.0-1034.37 |
| Ubuntu:Pro:FIPS-preview:22.04:LTS | linux-fips | 5.15.0-73.80+fips1, 0 |
| Ubuntu:16.04:LTS | linux-hwe-edge | *, *, 4.15.0-13.14~16.04.1 |
| Ubuntu:Pro:FIPS-updates:22.04:LTS | linux-fips | 5.15.0-107.117+fips1, *, * |
| Ubuntu:Pro:20.04:LTS | linux-nvidia-tegra-5.15 | 5.15.0-1039.39~20.04.1, 5.15.0-1030.30~20.04.1, 5.15.0-1027.27~20.04.1 |
| Ubuntu:24.04:LTS | linux-azure-nvidia-6.14 | 0, 6.14.0-1003.3, 6.14.0-1006.6 |
| Ubuntu:Pro:20.04:LTS | linux-aws | 5.4.0-1038.40, 5.4.0-1099.107, 5.4.0-1089.97 |
…and 219 more
Timeline
- May 24, 2021 CVE Published
- May 25, 2021 EPSS Score
- Jul 27, 2021 EPSS Score
- Nov 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 30, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 31, 2022 EPSS Score
- Sep 30, 2022 EPSS Score
- Dec 1, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-26559 third-party-advisory
- https://kb.cert.org/vuls/id/799380 third-party-advisory
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/authvalue-leak/ third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1960011 third-party-advisory
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-26559 third-party-advisory