Certain Cypress (and Broadcom) Wireless Combo chips such as CYW43455, when a 2021-01-26 Bluetooth firmware update is not present, allow a Bluetooth outage via a Spectra attack.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bluez-firmware | Ubuntu | trusty | * |
| Bluez-firmware | Ubuntu | xenial | * |
| Linux-firmware-raspi2 | Ubuntu | bionic | * |
| Linux-firmware-raspi2 | Ubuntu | esm-infra/bionic | * |
| Linux-firmware-raspi2 | Ubuntu | focal | * |
| Linux-firmware-raspi2 | Ubuntu | trusty | * |
| Linux-firmware-raspi2 | Ubuntu | upstream | * |
| Linux-firmware-raspi2 | Ubuntu | xenial | * |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2052676
- https://github.com/RPi-Distro/bluez-firmware/commit/8445a53ce2c51a77472b908a0c8f6f8e1fa5c37a
- https://security-tracker.debian.org/tracker/CVE-2020-10370
- https://www.informatik.tu-darmstadt.de/fb20/aktuelles_fb20/fb20_neuigkeiten/neuigkeiten_fb20_details_203136.de.jsp
- https://www.informatik.tu-darmstadt.de/seemoo/team_seemoo/jiska_classen/index.en.jsp