{
  "threat_severity" : "Important",
  "public_date" : "2018-07-23T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange",
    "id" : "1614159",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1614159"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-325",
  "details" : [ "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.", "A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-08-06T00:00:00Z",
    "advisory" : "RHSA-2019:2169",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "linux-firmware-0:20190429-72.gitddde598.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "linux-firmware",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "linux-firmware",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Affected",
    "package_name" : "linux-firmware",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Not affected",
    "package_name" : "linux-firmware",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-5383\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5383\nhttps://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html\nhttps://www.kb.cert.org/vuls/id/304725" ],
  "name" : "CVE-2018-5383",
  "csaw" : false
}