Vulnerability
CVE-2020-26558
Component: BLUETOOTH
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
Impact
Severity (Manufact.)
CRITICAL
Severity (NIST)
4.2
Severity (Android)
N/A
Chipsets
11
Devices
505
Affected Hardware
| Name | Also known as | Manufacturer |
|---|---|---|
| MSM8208 | Snapdragon 208 | Qualcomm |
| MSM8917 | Snapdragon 425 | Qualcomm |
| MSM8920 | Snapdragon 427 | Qualcomm |
| MSM8937 | Snapdragon 430 | Qualcomm |
| MSM8940 | Snapdragon 435 | Qualcomm |
| MSM8953 | Snapdragon 625 | Qualcomm |
| SM6150 | Snapdragon 675 | Qualcomm |
| SM8350 | Snapdragon 888 | Qualcomm |
| SC8180 | Snapdragon 8c | Qualcomm |
| SC8180X | Snapdragon 8cx | Qualcomm |
11 of 11 row(s) shown.
Rows per page
Page 1 of 2
Information reliability
The information on this website is intended to provide information on the big picture of chipset security and measure trends within the industry. Our information is obtained from several vantage points, checked for consistency, and automatically cross-referenced. However, this process may not always yield reliable information. Do not use the information on a particular vulnerability, chipset or device to verify your individual exposure in cases where inaccuracies are inacceptable, for instance to assess risks if you are a Politically Exposed Person.
Timeline
Introduced (est):
Jan 1, 2014
Reported:
Sep 14, 2020
Advisory Published:
Jun 7, 2021
CVE Published:
May 24, 2021
Android Patch Level:
Jun 2021
