Ubuntu
pi-bluetooth package

Is the BIAS vulnerable fixed? (Bluetooth Impersonation AttackS / CVE-2020-10135)

Asked by Anja Sur on 2020-06-25

Hello,

is the BIAS (Bluetooth Impersonation AttackS / CVE-2020-10135) vulnerable fixed?
A Raspberry Pi Engineer posted there is a fix available:
https://www.raspberrypi.org/forums/viewtopic.php?p=1667781#p1667781

BIAS infos:
https://francozappa.github.io/about-bias/
https://kb.cert.org/vuls/id/647177

Summary:
As a result, an attacker can impersonate a device towards the host after both have previously been successfully paired in absence of the attacker.

Question information

Language:: English Edit question

Status:: Expired

For:: Ubuntu pi-bluetooth Edit question

Assignee:: No assignee Edit question

Last query:: 2020-06-25

Last reply:: 2020-07-11

Link existing bug

Revision history for this message

Hans Joachim Desserud (hjd) said on 2020-07-06:

While I cannot answer the actual question I don't see any links to existing bug reports on the CVE page https://bugs.launchpad.net/bugs/cve/2020-10135. Normally when a security bug is reporting (or fixed via upload) the bug report adds a link to the CVE to be able to cross-reference and track across releases.

Revision history for this message

Launchpad Janitor (janitor) said on 2020-07-11:

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

To post a message you must log in.

Ask a question

Edit question

Ubuntupi-bluetooth package

Is the BIAS vulnerable fixed? (Bluetooth Impersonation AttackS / CVE-2020-10135)

Question information

Related bugs

Related FAQ:

Subscribers

Ubuntu
pi-bluetooth package