{"id":"USN-4351-1","summary":"linux-firmware vulnerability","details":"Eli Biham and Lior Neumann discovered that certain Bluetooth devices\nincorrectly validated key exchange parameters. An attacker could possibly\nuse this issue to obtain sensitive information.\n","modified":"2026-03-10T02:38:36.221936Z","published":"2020-05-06T15:18:12Z","related":["UBUNTU-CVE-2018-5383"],"upstream":["CVE-2018-5383","UBUNTU-CVE-2018-5383"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4351-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-5383"}],"affected":[{"package":{"name":"linux-firmware","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/linux-firmware@1.157.23?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.157.23"}]}],"versions":["1.149","1.150","1.152","1.153","1.154","1.155","1.156","1.157","1.157.1","1.157.2","1.157.3","1.157.4","1.157.5","1.157.6","1.157.8","1.157.10","1.157.11","1.157.12","1.157.13","1.157.14","1.157.15","1.157.16","1.157.17","1.157.18","1.157.19","1.157.20","1.157.21","1.157.22"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"linux-firmware","binary_version":"1.157.23"},{"binary_name":"nic-firmware","binary_version":"1.157.23"},{"binary_name":"scsi-firmware","binary_version":"1.157.23"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-5383"}],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4351-1.json"}},{"package":{"name":"linux-firmware","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/linux-firmware@1.173.18?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.173.18"}]}],"versions":["1.169","1.170","1.171","1.172","1.173","1.173.1","1.173.2","1.173.3","1.173.5","1.173.6","1.173.8","1.173.9","1.173.12","1.173.13","1.173.14","1.173.15","1.173.16","1.173.17"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"linux-firmware","binary_version":"1.173.18"},{"binary_name":"nic-firmware","binary_version":"1.173.18"},{"binary_name":"scsi-firmware","binary_version":"1.173.18"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-5383"}],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4351-1.json"}}],"schema_version":"1.7.3"}