Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices

2020-10-14 13:37

Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things devices.

According to Google, the vulnerability affects users of Linux kernel versions before 5.9 that support BlueZ. BlueZ, which is an open-source project distributed under GNU General Public License, features the BlueZ kernel that has been part of the official Linux kernel since version 2.4.6.

Intel which has placed "Significant investment" in BlueZ, addressed the security issue in a Tuesday advisory, recommending that users update the Linux kernel to version 5.9 or later.

"BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities."

The flaw can be exploited by a remote attacker in short distance, who can broadcast extended advertising data and cause a denial-of-service state, or possibly arbitrary code execution with kernel privileges on victim machines, according to Google.

News URL

https://threatpost.com/google-intel-kernel-bug-linux-iot/160067/

#google #intel #IOT #kernel #linux

Related vendor

VENDOR	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Google	141	995	4854	2783	1620	10252
Intel	6805	273	746	379	28	1426
Kernel	4	2	9	5	0	16

News URL

Related news

Related vendor