CVE-2020-10369

MEDIUM

Cypress/Broadcom Wireless Combo - Info Disclosure

Title source: llm

Description

Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory content via a "Spectra" attack.

References (4)

Core 4

Core References

Various Sources

https://www.informatik.tu-darmstadt.de/fb20/aktuelles_fb20/fb20_neuigkeiten/neuigkeiten_fb20_details_203136.de.jsp

Various Sources

https://www.informatik.tu-darmstadt.de/seemoo/team_seemoo/jiska_classen/index.en.jsp

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=2052676

Patch

https://github.com/RPi-Distro/bluez-firmware/commit/8445a53ce2c51a77472b908a0c8f6f8e1fa5c37a

View Patch ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.0008

EPSS Percentile 23.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-203

Status published

Published Nov 10, 2024

Tracked Since Feb 18, 2026