tdec/gist:128751d818e9753364a72086b961390b

## gistfile1.txt
Vulnerabilities published by Bluetooth SIG, Android, Apple, Intel and Qualcomm security bulletins, published at security conferences or as master thesis. If any are missing, thanks for pointing me to them !
Todo: macOS

Year | Name | CVE

2020 | Blurtooth: Exploiting Cross-Transport Key Derivation         | 2020-15802
2020 | Pairing Method Confusion                                     | 2020-10134
2020 | BIAS: Bluetooth Impersonation Attacks                        | 2020-10135
2020 | BlueRepli                                                    | ?
2020 | BLESA: Bluetooth Low energy spoofing attacks                 | 2020-9770
2020 | Bluefrag                                                     | 2020-0022
2020 | Sweyntooth: Multiple BLE SDK vulnerabilities                 | Multiple CVE
2020 | Bluetooth traffic intercept due to low entropy HRNG/PRNG     | 2020-6616
2020 | remote code execution                                        | 2020-9838
2020 | Denial of Service                                            | 2020-9931
2020 | BleedingTooth: BlueZ EoP via adjacent access                 | 2020-12351
2020 | BlueZ information disclosure via adjacent access             | 2020-12352
2020 | BlueZ DoS via adjacent access                                | 2020-24490
2020 | BlueZ < 5.55 gatttool double free                            | 2020-27153
2020 | BlueZ < 5.54 EoP and DoS                                     | 2020-0556
2020 | Intel Wireless Bluetooth local access EoP                    | 2020-0555
2020 | Intel Wireless Bluetooth infoleak on Windows 10              | 2020-0553
2020 | Intel Wireless Bluetooth DoS                                 | 2020-14620
2020 | Qualcomm GATT data out of bounds read                        | 2020-11153
2020 | Qualcomm PDU data packet buffer overflow                     | 2020-11154
2020 | Qualcomm PDU data packet buffer overflow #2                  | 2020-11155
2020 | Qualcomm L2CAP buffer over-read                              | 2020-11141
2020 | Qualcomm L2CAP buffer over-read #2                           | 2020-11156
2020 | Qualcomm control message DoS                                 | 2020-11157
2020 | Qualcomm L2CAP integer overflow                              | 2020-11169
2020 | Nordic Semiconductor Stripping encryption from BLE library   | 2020-15509
2020 | Nordic Semiconductor nrf52 APPROTECT bypass via fault injection | ?
2020 | Spectra: Wi-Fi -> Bluetooth DoS 			            | 2020-10370
2020 | Spectra: Side-channel info leak 			            | 2020-10369
2020 | Spectra: Broadcom Wi-Fi RAM info leak 		            | 2020-10368
2020 | Spectra: Broadcom Wi-Fi RAM arbitrary code execution	    | 2020-10367
2020 | Silicon Labs BLE EFR32 RCE				    | 2020-15531
2020 | Silicon Labs BLE EFR32 DoS				    | 2020-15532


2019 | KNOB: Key Negotiation of Bluetooth                           | 2019-9506
2019 | intercept BLE traffic during pairing                         | 2019-2102
2019 | Qualcomm SoC LMP packet buffer overflow                      | 2019-14095
2019 | Broadcom Host device buffer misconfiguration RCE             | 2019-18614
2019 | Broadcom Extended Inquiry Response RCE                       | 2019-11516
2019 | Broadcom  Bug in BLE PDU parsing allowing RCE                | 2019-13916
2019 | Broadcom LMP start_encryption_request DoS 		    | 2019-6994
2019 | Spectra: Broadcom Coexistence lock DoS (iOS/Android) 	    | 2019-15063
2019 | BadBluetooth                                                 | ?
2019 | Texas Instruments CC256x/WL18xx RCE			    | 2019-15948


2018 | bluetoothd memory corruption                                 | 2018-4095
2018 | iOS Core Bluetooth arbitrary code execution                  | 2018-4087
2018 | Fixed Coordinate Invalid Curve Attack                        | 2018-5383
2018 | InternalBlue: LMP to HCI Handler Escalation Attack           | 2018-19860
2018 | Android hidp_process_report integer overflow                 | 2018-9363
2018 | BlueZ < 5.51 unauthorized pairing                            | 2018-10910
2018 | Intel Centrino Wireless DoS                                  | 2018-3669
2018 | BleedingBit: Texas Instruments RCE on Cisco/Meraki AP's      | 2018-16986
2018 | BleedingBit: Texas Instruments RCE on Aruba AP's             | 2018-7080

2017 | Blueborne: Multiple Bluetooth Implementation Vulnerabilities | Multiple CVE
2017 | Android LE advertising data length issue                     | 2017-0646
2017 | Android EoP                                                  | 2017-13220
2017 | BlueZ (2.6.32-4.13.1) L2CAP config response stack overflow   | 2017-1000251
2017 | BlueZ < 5.46 SDP search information disclosure               | 2017-1000250
2017 | Qualcomm BT controller RAM dump information leak             | 2017-15841
2017 | Qualcomm BT controller integer underflow                     | 2017-18170
2017 | Qualcomm BT controller system reset DoS                      | 2017-18283
	Vulnerabilities published by Bluetooth SIG, Android, Apple, Intel and Qualcomm security bulletins, published at security conferences or as master thesis. If any are missing, thanks for pointing me to them !
	Todo: macOS

	Year \| Name \| CVE

	2020 \| Blurtooth: Exploiting Cross-Transport Key Derivation \| 2020-15802
	2020 \| Pairing Method Confusion \| 2020-10134
	2020 \| BIAS: Bluetooth Impersonation Attacks \| 2020-10135
	2020 \| BlueRepli \| ?
	2020 \| BLESA: Bluetooth Low energy spoofing attacks \| 2020-9770
	2020 \| Bluefrag \| 2020-0022
	2020 \| Sweyntooth: Multiple BLE SDK vulnerabilities \| Multiple CVE
	2020 \| Bluetooth traffic intercept due to low entropy HRNG/PRNG \| 2020-6616
	2020 \| remote code execution \| 2020-9838
	2020 \| Denial of Service \| 2020-9931
	2020 \| BleedingTooth: BlueZ EoP via adjacent access \| 2020-12351
	2020 \| BlueZ information disclosure via adjacent access \| 2020-12352
	2020 \| BlueZ DoS via adjacent access \| 2020-24490
	2020 \| BlueZ < 5.55 gatttool double free \| 2020-27153
	2020 \| BlueZ < 5.54 EoP and DoS \| 2020-0556
	2020 \| Intel Wireless Bluetooth local access EoP \| 2020-0555
	2020 \| Intel Wireless Bluetooth infoleak on Windows 10 \| 2020-0553
	2020 \| Intel Wireless Bluetooth DoS \| 2020-14620
	2020 \| Qualcomm GATT data out of bounds read \| 2020-11153
	2020 \| Qualcomm PDU data packet buffer overflow \| 2020-11154
	2020 \| Qualcomm PDU data packet buffer overflow #2 \| 2020-11155
	2020 \| Qualcomm L2CAP buffer over-read \| 2020-11141
	2020 \| Qualcomm L2CAP buffer over-read #2 \| 2020-11156
	2020 \| Qualcomm control message DoS \| 2020-11157
	2020 \| Qualcomm L2CAP integer overflow \| 2020-11169
	2020 \| Nordic Semiconductor Stripping encryption from BLE library \| 2020-15509
	2020 \| Nordic Semiconductor nrf52 APPROTECT bypass via fault injection \| ?
	2020 \| Spectra: Wi-Fi -> Bluetooth DoS \| 2020-10370
	2020 \| Spectra: Side-channel info leak \| 2020-10369
	2020 \| Spectra: Broadcom Wi-Fi RAM info leak \| 2020-10368
	2020 \| Spectra: Broadcom Wi-Fi RAM arbitrary code execution \| 2020-10367
	2020 \| Silicon Labs BLE EFR32 RCE \| 2020-15531
	2020 \| Silicon Labs BLE EFR32 DoS \| 2020-15532


	2019 \| KNOB: Key Negotiation of Bluetooth \| 2019-9506
	2019 \| intercept BLE traffic during pairing \| 2019-2102
	2019 \| Qualcomm SoC LMP packet buffer overflow \| 2019-14095
	2019 \| Broadcom Host device buffer misconfiguration RCE \| 2019-18614
	2019 \| Broadcom Extended Inquiry Response RCE \| 2019-11516
	2019 \| Broadcom Bug in BLE PDU parsing allowing RCE \| 2019-13916
	2019 \| Broadcom LMP start_encryption_request DoS \| 2019-6994
	2019 \| Spectra: Broadcom Coexistence lock DoS (iOS/Android) \| 2019-15063
	2019 \| BadBluetooth \| ?
	2019 \| Texas Instruments CC256x/WL18xx RCE \| 2019-15948


	2018 \| bluetoothd memory corruption \| 2018-4095
	2018 \| iOS Core Bluetooth arbitrary code execution \| 2018-4087
	2018 \| Fixed Coordinate Invalid Curve Attack \| 2018-5383
	2018 \| InternalBlue: LMP to HCI Handler Escalation Attack \| 2018-19860
	2018 \| Android hidp_process_report integer overflow \| 2018-9363
	2018 \| BlueZ < 5.51 unauthorized pairing \| 2018-10910
	2018 \| Intel Centrino Wireless DoS \| 2018-3669
	2018 \| BleedingBit: Texas Instruments RCE on Cisco/Meraki AP's \| 2018-16986
	2018 \| BleedingBit: Texas Instruments RCE on Aruba AP's \| 2018-7080

	2017 \| Blueborne: Multiple Bluetooth Implementation Vulnerabilities \| Multiple CVE
	2017 \| Android LE advertising data length issue \| 2017-0646
	2017 \| Android EoP \| 2017-13220
	2017 \| BlueZ (2.6.32-4.13.1) L2CAP config response stack overflow \| 2017-1000251
	2017 \| BlueZ < 5.46 SDP search information disclosure \| 2017-1000250
	2017 \| Qualcomm BT controller RAM dump information leak \| 2017-15841
	2017 \| Qualcomm BT controller integer underflow \| 2017-18170
	2017 \| Qualcomm BT controller system reset DoS \| 2017-18283