CVE-2018-5383 (Bluetooth MITM)

Heads up: Alternative firmware users (such as LOS users) should have to update your manually soon (assuming its updated soon) given CVE-2018-5383

An unauthenticated, remote attacker within range may be able to utilize a man-in-the-middle network position to determine the cryptographic keys used by the device. The attacker can then intercept and decrypt and/or forge and inject device messages.

1 Like

TL;DR: In order to fix CVE-2018-5383 on custom ROMs (such as LineageOS), there is no need to update the file.

Bluetooth and wifi firmware is included within the ROM as a binary blob and resides on the /system partition, therefore it should be sufficient to update the custom ROM once the new updated blobs are included.

We’ll have to wait for Fairphone to ship a new version of the bluetooth blobs with their next Fairphone OS release until the community can include them in custom ROMs.


This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.