Security News > 2020 > October > Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices

Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices
2020-10-14 13:37

Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things devices.

According to Google, the vulnerability affects users of Linux kernel versions before 5.9 that support BlueZ. BlueZ, which is an open-source project distributed under GNU General Public License, features the BlueZ kernel that has been part of the official Linux kernel since version 2.4.6.

Intel which has placed "Significant investment" in BlueZ, addressed the security issue in a Tuesday advisory, recommending that users update the Linux kernel to version 5.9 or later.

"BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities."

The flaw can be exploited by a remote attacker in short distance, who can broadcast extended advertising data and cause a denial-of-service state, or possibly arbitrary code execution with kernel privileges on victim machines, according to Google.


News URL

https://threatpost.com/google-intel-kernel-bug-linux-iot/160067/

Related vendor