linux

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-05-05 13:29:17 -04:00

Go to file

Howard Chung cee5f20fec Bluetooth: secure bluetooth stack from bluedump attack

Attack scenario:
1. A Chromebook (let's call this device A) is paired to a legitimate
   Bluetooth classic device (e.g. a speaker) (let's call this device
   B).
2. A malicious device (let's call this device C) pretends to be the
   Bluetooth speaker by using the same BT address.
3. If device A is not currently connected to device B, device A will
   be ready to accept connection from device B in the background
   (technically, doing Page Scan).
4. Therefore, device C can initiate connection to device A
   (because device A is doing Page Scan) and device A will accept the
   connection because device A trusts device C's address which is the
   same as device B's address.
5. Device C won't be able to communicate at any high level Bluetooth
   profile with device A because device A enforces that device C is
   encrypted with their common Link Key, which device C doesn't have.
   But device C can initiate pairing with device A with just-works
   model without requiring user interaction (there is only pairing
   notification). After pairing, device A now trusts device C with a
   new different link key, common between device A and C.
6. From now on, device A trusts device C, so device C can at anytime
   connect to device A to do any kind of high-level hijacking, e.g.
   speaker hijack or mouse/keyboard hijack.

Since we don't know whether the repairing is legitimate or not,
leave the decision to user space if all the conditions below are met.
- the pairing is initialized by peer
- the authorization method is just-work
- host already had the link key to the peer

Signed-off-by: Howard Chung <howardchung@google.com>
Acked-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

2020-02-14 16:01:00 +01:00

arch

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2020-01-26 10:40:21 +01:00

block

block: fix an integer overflow in logical block size

2020-01-15 21:43:09 -07:00

certs

certs: Add wrapper function to check blacklisted binary hash

2019-11-12 12:25:50 +11:00

crypto

Merge tag 'tpmdd-next-20191219' of git://git.infradead.org/users/jjs/linux-tpmdd

2019-12-18 17:17:36 -08:00

Documentation

dt-bindings: net: bluetooth: Add device tree bindings for QTI chip WCN3991

2020-02-03 15:44:35 +01:00

drivers

Bluetooth: hci_uart: Replace zero-length array with flexible-array member

2020-02-13 08:28:38 +01:00

Merge tag 'for-5.5-rc8-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

2020-01-25 10:55:24 -08:00

include

qed: FW 8.42.2.0 debug features

2020-01-27 14:35:32 +01:00

init

Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net

2020-01-19 22:10:04 +01:00

ipc

treewide: Use sizeof_field() macro

2019-12-09 10:36:44 -08:00

kernel

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

2020-01-27 14:31:40 +01:00

lib

bitmap: Introduce bitmap_cut(): cut bits and shift remaining

2020-01-27 08:54:30 +01:00

LICENSES

LICENSES: Rename other to deprecated

2019-05-03 06:34:32 -06:00

mm: memcg/slab: call flush_memcg_workqueue() only if memcg workqueue is valid

2020-01-13 18:19:02 -08:00

net

Bluetooth: secure bluetooth stack from bluedump attack

2020-02-14 16:01:00 +01:00

samples

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

2020-01-23 08:10:16 +01:00

scripts

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2020-01-26 10:40:21 +01:00

security

net: bridge: vlan: add rtm definitions and dump support

2020-01-15 13:48:17 +01:00

sound

Merge tag 'sound-5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

2020-01-17 08:38:35 -08:00

tools

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

2020-01-27 14:31:40 +01:00

usr

gen_initramfs_list.sh: fix 'bad variable name' error

2020-01-04 00:00:48 +09:00

virt

Merge tag 'kvm-ppc-fixes-5.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc into kvm-master

2019-12-22 13:18:15 +01:00

.clang-format

clang-format: Update with the latest for_each macro list

2019-08-31 10:00:51 +02:00

.cocciconfig

…

.get_maintainer.ignore

Opt out of scripts/get_maintainer.pl

2019-05-16 10:53:40 -07:00

.gitattributes

.gitattributes: use 'dts' diff driver for dts files

2019-12-04 19:44:11 -08:00

.gitignore

modpost: dump missing namespaces into a single modules.nsdeps file

2019-11-11 20:10:01 +09:00

.mailmap

MAINTAINERS: update my email address

2020-01-11 14:33:39 -08:00

COPYING

COPYING: use the new text with points to the license files

2018-03-23 12:41:45 -06:00

CREDITS

Merge tag 'v5.4-rc4' into docs-next

2019-10-29 04:43:29 -06:00

Kbuild

kbuild: do not descend to ./Kbuild when cleaning

2019-08-21 21:03:58 +09:00

Kconfig

docs: kbuild: convert docs to ReST and rename to *.rst

2019-06-14 14:21:21 -06:00

MAINTAINERS

MAINTAINERS: Add entry for Marvell OcteonTX2 Physical Function driver

2020-01-27 14:33:40 +01:00

Makefile

Linux 5.5-rc7

2020-01-19 16:02:49 -08:00

README

Drop all 00-INDEX files from Documentation/

2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.

Languages

C 97%

Assembly 1%

Shell 0.6%

Rust 0.5%

Python 0.4%

Other 0.3%