Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).
https://github.com/seemoo-lab/internalblue/blob/master/doc/rng.md
https://twitter.com/naehrdine/status/1255980443368919045
https://twitter.com/naehrdine/status/1255981245147877377
https://security.samsungmobile.com/securityUpdate.smsb
https://media.ccc.de/v/DiVOC-6-finding_eastereggs_in_broadcom_s_bluetooth_random_number_generator
https://support.apple.com/kb/HT211100
https://support.apple.com/kb/HT211168
Source: MITRE
Published: 2020-05-08
Updated: 2022-04-26
Type: NVD-CWE-noinfo
Base Score: 3.3
Vector: AV:A/AC:L/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 6.5
Severity: LOW
Base Score: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM