
Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices
2020-10-16 00:19

Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices.

According to security engineer Andy Nguyen, the three flaws - collectively called BleedingTooth - reside in the open-source BlueZ protocol stack that offers support for many of the core Bluetooth layers and protocols for Linux-based systems such as laptops and IoT devices.

The first and most severe is a heap-based type confusion that affects Linux kernel 4.8 and higher. It is present in the Logical Link Control and Adaptation Protocol (L2CAP) of the Bluetooth standard, which provides multiplexing of data between different higher-layer protocols.

The second unpatched vulnerability concerns a stack-based information disclosure flaw affecting Linux kernel 3.6 and higher.

Lastly, a third flaw discovered in HCI (Host Controller Interface), a standardized Bluetooth interface used for sending commands, receiving events, and transmitting data, is a heap-based buffer overflow impacting Linux kernel 4.19 and higher. It allows a nearby remote attacker to "cause denial of service or possibly arbitrary code execution with kernel privileges on victim machines if they are equipped with Bluetooth 5 chips and are in scanning mode."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/8OSrchF09K0/linux-Bluetooth-hacking.html

Related vendor

LAST 12M

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| Google | 141 | 996 | 4899 | 2857 | 1622 | 10374 |
| Bluetooth | 4 | 3 | 10 | 3 | 0 | 16 |