Security News > 2020 > October > Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices
Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things devices.
According to Google, the vulnerability affects users of Linux kernel versions before 5.9 that support BlueZ. BlueZ, which is an open-source project distributed under GNU General Public License, features the BlueZ kernel that has been part of the official Linux kernel since version 2.4.6.
Intel which has placed "Significant investment" in BlueZ, addressed the security issue in a Tuesday advisory, recommending that users update the Linux kernel to version 5.9 or later.
"BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities."
The flaw can be exploited by a remote attacker in short distance, who can broadcast extended advertising data and cause a denial-of-service state, or possibly arbitrary code execution with kernel privileges on victim machines, according to Google.
News URL
https://threatpost.com/google-intel-kernel-bug-linux-iot/160067/
Related news
- Google fixes Android kernel zero-day exploited in attacks (source)
- Google patches odd Android kernel security bug amid signs of targeted exploitation (source)
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- Mixing Rust and C in Linux likened to cancer by kernel maintainer (source)
- 'Key kernel maintainers' still back Rust in the Linux kernel, despite the doubters (source)
- Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable (source)