CERT-In Vulnerability Note
CIVN-2020-0367
Vulnerabilities in BlueZ Bluetooth Implementation in Linux kernel (BleedingTooth)
Original Issue Date: October 16, 2020
Severity Rating: HIGH
Software Affected
- Linux kernel versions 5.9 and prior that support BlueZ
Overview
Multiple vulnerabilities have been reported in the BlueZ Bluetooth implementation in the Linux kernel which could allow a remote attacker to execute arbitrary code, gain elevated privileges, access sensitive information or cause denial-of-service (DoS) conditions on a targeted system.
Description
These vulnerabilities exist due to insufficient input validation, improper access control and improper buffer restrictions in BlueZ. An unauthenticated attacker within Bluetooth range could exploit these vulnerabilities by sending a specially crafted Bluetooth packet to an affected system.
Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code, gain elevated privileges, access sensitive information or cause denial-of-service (DoS) conditions on the targeted system.
Solution
The vulnerabilities have been fixed in the following Linux kernel patches:
https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/
https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/
https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-3-luiz.dentz@gmail.com/
https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-4-luiz.dentz@gmail.com/
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e
Users may either apply these kernel patches themselves or contact the vendor for appropriate updates. As a mitigation step, users may also consider disabling Bluetooth on affected systems.
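A host triage sketch for the affected range and the Bluetooth mitigation above. This is an added example, not CERT-In or kernel project code; the function names and the Bluetooth module list are assumptions chosen for illustration. It compares only the upstream major.minor number, so an "in-range" result on a vendor kernel means the vendor advisory still has to be checked for a backported fix.

```shell
#!/bin/sh
# Added example (not CERT-In or kernel project code): host triage for this advisory.

# Return 0 if a `uname -r` style release has major.minor <= 5.9 (the advisory's
# "5.9 and prior"), 1 if newer, 2 if the string cannot be parsed.
kernel_in_advisory_range() {
    rel=${1%%-*}                      # 5.4.0-48-generic -> 5.4.0
    case "$rel" in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -lt 5 ] && return 0
    [ "$major" -eq 5 ] && [ "$minor" -le 9 ] && return 0
    return 1
}

# Print Bluetooth modules named in a /proc/modules-format file ("-" = stdin).
# The module list is an assumed, non-exhaustive selection. Returns 0 if any match.
loaded_bt_modules() {
    awk '$1 ~ /^(bluetooth|btusb|rfcomm|bnep|hci_uart|hidp)$/ { print $1; n++ }
         END { exit (n ? 0 : 1) }' "${1:-/proc/modules}"
}

# Combine both checks into one status line: $1 = kernel release, $2 = modules file.
triage() {
    rc=0; kernel_in_advisory_range "$1" || rc=$?
    case $rc in
        1) echo "kernel-newer-than-5.9"; return 0 ;;
        2) echo "kernel-unparsed"; return 0 ;;
    esac
    if mods=$(loaded_bt_modules "$2"); then
        echo "in-range bluetooth-loaded: $(echo $mods)"
    else
        echo "in-range bluetooth-not-loaded"
    fi
}

# Constructed sample in /proc/modules format (not captured from a real host).
sample_modules() {
    cat <<'EOF'
btusb 57344 0 - Live 0x0000000000000000
bluetooth 581632 5 btusb, Live 0x0000000000000000
e1000e 270336 0 - Live 0x0000000000000000
EOF
}

sample_modules | triage "5.4.0-48-generic" -
```

On a live host, call `triage "$(uname -r)" /proc/modules` instead of the constructed sample.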
Vendor Information
Intel
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
References
Google
https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
Red Hat
https://access.redhat.com/security/cve/cve-2020-12351
https://access.redhat.com/security/cve/cve-2020-12352
https://access.redhat.com/security/cve/cve-2020-24490
Ubuntu
https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12351.html
https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12352.html
https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24490.html
Debian
https://security-tracker.debian.org/tracker/CVE-2020-12351
https://security-tracker.debian.org/tracker/CVE-2020-12352
https://security-tracker.debian.org/tracker/CVE-2020-24490
SUSE
https://www.suse.com/support/kb/doc/?id=000019735
SecurityWeek
https://www.securityweek.com/bleedingtooth-vulnerabilities-linux-bluetooth-allow-zero-click-attacks
ZDNet
https://www.zdnet.com/article/google-warns-of-severe-bleedingtooth-bluetooth-flaw-in-linux-kernel/
CVE Name
CVE-2020-12351
CVE-2020-12352
CVE-2020-24490
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India