CVE-2020-10370

Certain Cypress (and Broadcom) Wireless Combo chips such as CYW43455, when a 2021-01-26 Bluetooth firmware update is not present, allow a Bluetooth outage via a "Spectra" attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CISA-ADPADP
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Debian logo
Debian Releases
Debian Product
Codename
bluez-firmware
bullseye/non-free
1.2-4
fixed
bookworm/non-free-firmware
1.2-9
fixed
trixie/non-free-firmware
1.2-11.1
fixed
sid/non-free-firmware
1.2-12
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bluez-firmware
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
xenial
ignored
trusty
ignored
linux-firmware-raspi2
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
dne
impish
not-affected
focal
needed
bionic
needed
xenial
ignored
trusty
ignored
References
https://bugzilla.redhat.com/show_bug.cgi?id=2052676
https://github.com/RPi-Distro/bluez-firmware/commit/8445a53ce2c51a77472b908a0c8f6f8e1fa5c37a
https://security-tracker.debian.org/tracker/CVE-2020-10370
https://www.informatik.tu-darmstadt.de/fb20/aktuelles_fb20/fb20_neuigkeiten/neuigkeiten_fb20_details_203136.de.jsp
https://www.informatik.tu-darmstadt.de/seemoo/team_seemoo/jiska_classen/index.en.jsp