The latest security information on Intel® products.
Bluetooth® pairing vulnerability
| Intel ID: |
INTEL-SA-00128 |
|---|---|
| Product family: |
Intel® Dual Band Wireless-AC, Intel® Tri-Band Wireless-AC and Intel® Wireless-AC family of products |
| Impact of vulnerability: |
Escalation of Privilege, Denial of Service, Information Disclosure |
| Severity rating: |
High |
| Original release: |
07/23/2018 |
| Last revised: |
07/23/2018 |
Summary:
Bluetooth Pairing update.
Description:
A vulnerability in Bluetooth® pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth® devices. This may result in information disclosure, elevation of privilege and/or denial of service.
• CVSS:3:0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Score: 7.1 (High)
Affected products:
• For Microsoft Windows* (Windows* 7, 8.1 and 10)
Affected Products |
Versions with vulnerability |
Versions with an update resolving the vulnerability |
Update source |
Intel® Dual Band Wireless-AC 3160 |
All Intel® PROSet/Wireless for Bluetooth Technology Software releases prior to v20.60
|
Intel® PROSet/Wireless for Bluetooth Technology Software release v20.60 and later
|
Check with your system manufacturer to see if they provide an updated Bluetooth driver.
Alternatively, you can use the Intel® Driver and Support Assistant to identify and update your driver directly from Intel. The Driver and Support Assistant can be found at https://www.intel.com/content/www/us/en/support.html.
You can also download the latest available Bluetooth driver here. |
Intel® Wireless-N 7260 |
|||
Intel® Dual Band Wireless-N 7260 |
|||
Intel® Dual Band Wireless-AC 7260 |
|||
Intel® Dual Band Wireless-AC 7260 for Desktop |
|||
Intel® Dual Band Wireless-AC 3165 |
|||
Intel® Dual Band Wireless-AC 3168 |
|||
Intel® Wireless-N 7265 |
|||
Intel® Dual Band Wireless-N 7265 |
|||
Intel® Dual Band Wireless-AC 7265 |
|||
Intel® Tri-Band Wireless-AC 17265 |
|||
Intel® Dual Band Wireless-AC 8260 |
|||
Intel® Tri-Band Wireless-AC 18260 |
|||
Intel® Dual Band Wireless-AC 8265 |
|||
Intel® Dual Band Wireless-AC 8265 Desktop Kit |
|||
Intel® Tri-Band Wireless-AC 18265 |
|||
Intel® Wireless-AC 9260 |
|||
Intel® Wireless-AC 9461 |
|||
Intel® Wireless-AC 9462 |
|||
Intel® Wireless-AC 9560 |
• For Google Chrome OS
For any Google Chrome OS solution and schedule, please contact Google directly.
Affected Products |
Versions with vulnerability |
Versions with an update resolving the vulnerability |
Intel® Dual Band Wireless-AC 7260 Intel® Dual Band Wireless-AC 7265
|
Intel® Bluetooth FW binary with an update resolving the vulnerability has been provided to Google. |
|
Google Chrome OS |
In addition, a Chrome OS update is also required. |
|
• For Linux OS
Consult the regular Open Source channels to obtain this update.
Affected Products |
Versions with vulnerability |
Versions with an update resolving the vulnerability |
Intel® Dual Band Wireless-AC 3160 Intel® Wireless-N 7260 Intel® Dual Band Wireless-N 7260 Intel® Dual Band Wireless-AC 7260 Intel® Dual Band Wireless-AC 7260 for Desktop Intel® Dual Band Wireless-AC 3165 Intel® Dual Band Wireless-AC 3168 Intel® Dual Band Wireless-AC 8260 Intel® Tri-Band Wireless-AC 18260 Intel® Dual Band Wireless-AC 8265 Intel® Dual Band Wireless-AC 8265 Desktop Kit Intel® Tri-Band Wireless-AC 18265 Intel® Wireless-AC 9260 Intel® Wireless-AC 9461 Intel® Wireless-AC 9462 Intel® Wireless-AC 9560 Intel® Dual Band Wireless-AC 7265 Intel® Wireless-N 7265 Intel® Dual Band Wireless-N 7265 Intel® Dual Band Wireless-AC 7265 Intel® Tri-Band Wireless-AC 17265 |
Intel® Bluetooth FW binary with an update resolving the vulnerability has been provided to the Linux community.
|
|
Linux OS |
Any Linux kernel version 3.19 and higher will also need an update. Consult the regular Open Source channels to obtain this update.
Note: Linux kernel versions prior to 3.19 are not affected since ‘LE Secure Connections’ functionality is not supported in these older Linux kernel versions. |
|
Recommendations:
Intel highly recommends that users with affected drivers download and upgrade to the latest supported driver.
• Check with your system manufacturer to see if they provide an updated Bluetooth driver.
• Intel provides the Intel® Driver & Support Assistant on Intel.com to assist customers in identifying and installing the correct driver for their system. The Driver and Support Assistant can be found at https://www.intel.com/content/www/us/en/support.html.
• Customers can also download the latest available drivers from the Intel Customer Support site.
Acknowledgements:
Intel would like to thank Eli Biham and Lior Neumann from Technion – Israel Institute of Technology - for reporting this issue and working with us on coordinated disclosure.
CVE Name: CVE-2018-5383
Legal Notices and Disclaimers
Intel provides these materials as-is, with no express or implied warranties.
All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.
Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.
Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article.
Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.
Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.
© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries. Other names and brands may be claimed as the property of others.
Report a Vulnerability
If you have information about a security issue or vulnerability with an Intel branded product or technology, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.
Please provide as much information as possible, including:
- The products and versions affected
- Detailed description of the vulnerability
- Information on known exploits
A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:
For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.
Need product support?
If you...
- Have questions about the security features of an Intel product
- Require technical support
- Want product updates or patches
Please visit Support & Downloads.