Description: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack
References:
 https://kb.cert.org/vuls/id/799380
 https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-pin-pairing/
 https://bugzilla.redhat.com/show_bug.cgi?id=1918601
 https://bodhi.fedoraproject.org/updates/FEDORA-2021-a35b44fd9f
 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html
Notes:
 bwh> Fedora claims this was fixed along with CVE-2020-26558 in
 bwh> 5.12.7, which implies the upstream fix is commit 6d19628f539f
 bwh> "Bluetooth: SMP: Fail if remote and local public keys are
 bwh> identical". But it's not clear to me that that commit
 bwh> addresses this issue too.
 bwh> Intel claims to have addressed this for their Bluetooth
 bwh> adapters in a firmware update.
Bugs:
upstream:
5.10-upstream-stable:
4.19-upstream-stable:
4.9-upstream-stable:
sid:
5.10-bullseye-security:
4.19-buster-security:
4.9-stretch-security: