Security News > 2020 > October > BleedingTooth: Vulnerabilities in Linux Bluetooth Allow Zero-Click Attacks
2020-10-14 18:09
Bluetooth vulnerabilities that a Google security researcher has identified in the Linux kernel could be exploited to run arbitrary code or access sensitive information.
The most severe of these flaws is CVE-2020-12351, a heap-based type confusion that affects Linux kernel 4.8 and higher.
Tracked as CVE-2020-24490 and considered medium risk, the third vulnerability is a heap-based buffer overflow that affects Linux kernel 4.19 and higher.
BlueZ, the official Linux Bluetooth protocol stack, has announced Linux kernel fixes that patch all three of these security issues, Intel reveals.
The company notes that the vulnerabilities affect "All Linux kernel versions before 5.9 that support BlueZ.".
News URL
Related news
- CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE (source)
- CUPS vulnerabilities could be abused for DDoS attacks (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-02 | CVE-2020-24490 | Unspecified vulnerability in Bluez Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. low complexity bluez | 6.5 |
| 2020-11-23 | CVE-2020-12351 | Improper Input Validation vulnerability in Linux Kernel Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 8.8 |