Security News > 2020 > October > BleedingTooth: Vulnerabilities in Linux Bluetooth Allow Zero-Click Attacks
2020-10-14 18:09
Bluetooth vulnerabilities that a Google security researcher has identified in the Linux kernel could be exploited to run arbitrary code or access sensitive information.
The most severe of these flaws is CVE-2020-12351, a heap-based type confusion that affects Linux kernel 4.8 and higher.
Tracked as CVE-2020-24490 and considered medium risk, the third vulnerability is a heap-based buffer overflow that affects Linux kernel 4.19 and higher.
BlueZ, the official Linux Bluetooth protocol stack, has announced Linux kernel fixes that patch all three of these security issues, Intel reveals.
The company notes that the vulnerabilities affect "All Linux kernel versions before 5.9 that support BlueZ.".
News URL
Related news
- Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack (source)
- GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)
- Linux 'io_uring' security blindspot allows stealthy rootkit attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-02 | CVE-2020-24490 | Unspecified vulnerability in Bluez Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. low complexity bluez | 6.5 |
| 2020-11-23 | CVE-2020-12351 | Improper Input Validation vulnerability in Linux Kernel Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 8.8 |