Howard Chung cee5f20fec Bluetooth: secure bluetooth stack from bluedump attack
Attack scenario:
1. A Chromebook (let's call this device A) is paired to a legitimate
   Bluetooth classic device (e.g. a speaker) (let's call this device
   B).
2. A malicious device (let's call this device C) pretends to be the
   Bluetooth speaker by using the same BT address.
3. If device A is not currently connected to device B, device A will
   be ready to accept connection from device B in the background
   (technically, doing Page Scan).
4. Therefore, device C can initiate connection to device A
   (because device A is doing Page Scan) and device A will accept the
   connection because device A trusts device C's address which is the
   same as device B's address.
5. Device C won't be able to communicate at any high level Bluetooth
   profile with device A because device A enforces that device C is
   encrypted with their common Link Key, which device C doesn't have.
   But device C can initiate pairing with device A with just-works
   model without requiring user interaction (there is only pairing
   notification). After pairing, device A now trusts device C with a
   new different link key, common between device A and C.
6. From now on, device A trusts device C, so device C can at anytime
   connect to device A to do any kind of high-level hijacking, e.g.
   speaker hijack or mouse/keyboard hijack.

Since we don't know whether the repairing is legitimate or not,
leave the decision to user space if all the conditions below are met.
- the pairing is initialized by peer
- the authorization method is just-works
- host already had the link key to the peer

Signed-off-by: Howard Chung <howardchung@google.com>
Acked-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2020-02-14 16:01:00 +01:00
arch Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-01-26 10:40:21 +01:00
block block: fix an integer overflow in logical block size 2020-01-15 21:43:09 -07:00
certs certs: Add wrapper function to check blacklisted binary hash 2019-11-12 12:25:50 +11:00
crypto tpmdd fixes for Linux v5.5-rc3 2019-12-18 17:17:36 -08:00
Documentation dt-bindings: net: bluetooth: Add device tree bindings for QTI chip WCN3991 2020-02-03 15:44:35 +01:00
drivers Bluetooth: hci_uart: Replace zero-length array with flexible-array member 2020-02-13 08:28:38 +01:00
fs for-5.5-rc8-tag 2020-01-25 10:55:24 -08:00
include qed: FW 8.42.2.0 debug features 2020-01-27 14:35:32 +01:00
init Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2020-01-19 22:10:04 +01:00
ipc treewide: Use sizeof_field() macro 2019-12-09 10:36:44 -08:00
kernel Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-01-27 14:31:40 +01:00
lib bitmap: Introduce bitmap_cut(): cut bits and shift remaining 2020-01-27 08:54:30 +01:00
LICENSES
mm mm: memcg/slab: call flush_memcg_workqueue() only if memcg workqueue is valid 2020-01-13 18:19:02 -08:00
net Bluetooth: secure bluetooth stack from bluedump attack 2020-02-14 16:01:00 +01:00
samples Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-01-23 08:10:16 +01:00
scripts Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-01-26 10:40:21 +01:00
security net: bridge: vlan: add rtm definitions and dump support 2020-01-15 13:48:17 +01:00
sound sound fixes for 5.5-rc7 2020-01-17 08:38:35 -08:00
tools Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-01-27 14:31:40 +01:00
usr gen_initramfs_list.sh: fix 'bad variable name' error 2020-01-04 00:00:48 +09:00
virt PPC KVM fix for 5.5 2019-12-22 13:18:15 +01:00
.clang-format clang-format: Update with the latest for_each macro list 2019-08-31 10:00:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore modpost: dump missing namespaces into a single modules.nsdeps file 2019-11-11 20:10:01 +09:00
.mailmap MAINTAINERS: update my email address 2020-01-11 14:33:39 -08:00
COPYING
CREDITS Linux 5.4-rc4 2019-10-29 04:43:29 -06:00
Kbuild kbuild: do not descend to ./Kbuild when cleaning 2019-08-21 21:03:58 +09:00
Kconfig
MAINTAINERS MAINTAINERS: Add entry for Marvell OcteonTX2 Physical Function driver 2020-01-27 14:33:40 +01:00
Makefile Linux 5.5-rc7 2020-01-19 16:02:49 -08:00
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.