CVE-2020-6616
MEDIUM | Platform: iPadOS | Changelog
CVE Details
Description
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).
CVSS 3.1 Score
| Metric | Value |
|---|---|
| Base Score | 6.5 (MEDIUM) |
| Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
References
- Apple Security Advisory
- NVD Entry
- http://bluetooth.lol (Third Party Advisory)
- http://seclists.org/fulldisclosure/2020/May/49 (Mailing List, Third Party Advisory)
- https://github.com/seemoo-lab/internalblue/blob/master/doc/rng.md (Third Party Advisory)
- https://media.ccc.de/v/DiVOC-6-finding_eastereggs_in_broadcom_s_bluetooth_random_number_generator (Exploit, Third Party Advisory)
- https://security.samsungmobile.com/securityUpdate.smsb (Vendor Advisory)
- https://support.apple.com/HT211168 (Third Party Advisory)
- https://support.apple.com/kb/HT211100 (Third Party Advisory)