Vulnerabilities > CVE-2020-25661 - Type Confusion vulnerability in Redhat Enterprise Linux 8.3

CVSS 8.8 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

redhat

CWE-843

NVD

Published: 2020-11-05

Updated: 2023-02-12

Summary

A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Vulnerable Configurations

Part	Description	Count
OS	Redhat Redhat Enterprise Linux 8.3	1

Common Weakness Enumeration (CWE)

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

References

https://access.redhat.com/security/cve/CVE-2020-12351
https://access.redhat.com/security/vulnerabilities/BleedingTooth
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25661