Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:N/I:P/A:N
Vendors Products
Apple
  • Iphone Os
  • Mac Os X
  • Ipados
Samsung
  • Galaxy Note8
  • Galaxy S8 Plus
  • Galaxy S8
Google
  • Android

Configuration 1 [-]

AND
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
OR cpe:2.3:h:samsung:galaxy_note8:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_s8:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_s8_plus:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:supplemental_update:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*
References
Link Resource
http://bluetooth.lol Third Party Advisory
http://seclists.org/fulldisclosure/2020/May/49 Mailing List Third Party Advisory
https://github.com/seemoo-lab/internalblue/blob/master/doc/rng.md Third Party Advisory
https://media.ccc.de/v/DiVOC-6-finding_eastereggs_in_broadcom_s_bluetooth_random_number_generator Exploit Third Party Advisory
https://security.samsungmobile.com/securityUpdate.smsb Vendor Advisory
https://support.apple.com/HT211168 Third Party Advisory
https://support.apple.com/kb/HT211100 Third Party Advisory
https://support.apple.com/kb/HT211168 Third Party Advisory
https://twitter.com/naehrdine/status/1255980443368919045 Third Party Advisory
https://twitter.com/naehrdine/status/1255981245147877377 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-05-08T19:50:28

Updated: 2020-06-11T14:57:54

Reserved: 2020-01-08T00:00:00

Link: CVE-2020-6616

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2020-05-08T20:15:12.437

Modified: 2023-01-09T16:41:59.350

Link: CVE-2020-6616

JSON object: View

cve-icon Redhat Information

No data.

CWE