Unrated severityNVD Advisory· Published May 8, 2020· Updated Aug 4, 2024

CVE-2020-6616

Description

Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Broadcom/Broadcom chipsdescription
Samsung Mobile/Galaxy Note8llm-create
Broadcom Corporation/BCM4361llm-create
Samsung Mobile/Galaxy S8+llm-fuzzy

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

bluetooth.lolmitrex_refsource_MISC
seclists.org/fulldisclosure/2020/May/49mitremailing-listx_refsource_FULLDISC
github.com/seemoo-lab/internalblue/blob/master/doc/rng.mdmitrex_refsource_MISC
media.ccc.de/v/DiVOC-6-finding_eastereggs_in_broadcom_s_bluetooth_random_number_generatormitrex_refsource_MISC
security.samsungmobile.com/securityUpdate.smsbmitrex_refsource_CONFIRM
support.apple.com/HT211168mitrex_refsource_CONFIRM
support.apple.com/kb/HT211100mitrex_refsource_CONFIRM
support.apple.com/kb/HT211168mitrex_refsource_CONFIRM
twitter.com/naehrdine/status/1255980443368919045mitrex_refsource_MISC
twitter.com/naehrdine/status/1255981245147877377mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000