CVE-2018-19860 in Bluetooth firmware #3174

Open
@lategoodbye

Is this the right place for my bug report?
I hope it's okay to open this Bluetooth firmware issue here.

Describe the bug
Bluetooth firmware does not properly restrict LMP commands and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.

To reproduce
Please follow this project:
https://github.com/seemoo-lab/internalblue

System

  • Which model of Raspberry Pi? Pi 3B, 3B+ and 4B

Additional context
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19860

According to this bulletin this issue has been fixed for Android, so there must be a fixed firmware.

Labels: Bluetooth Issue; pelwell_there_is_no_escape; Waiting for internal comment (Waiting for comment from a member of the Raspberry Pi engineering team)
