Project:Security/Vulnerabilities/BleedingTooth vulnerability
Summary
Gentoo Linux has been made aware of a vulnerability in Linux bluetooth stack (BlueZ) requiring updates to the Linux kernel.
CVE-2020-12351
A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet.
CVE-2020-12352
An information leak flaw was found in the way Linux kernel Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets.
CVE-2020-24490
A heap buffer overflow flaw was found in the way the Linux kernel Bluetooth implementation processed extended advertising report events. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet.
Resolution
If you do not use Bluetooth, the viable mitigation is to disable Bluetooth on the system.
If you require Bluetooth support, there is no known complete mitigation other than updating the kernel and rebooting the system.
Kernel updates
You can subscribe to bug bug #749315 to get notified.
LTS branch | Version with complete mitigation | Recommended version (stabilization candidate) |
---|---|---|
4.4 | >=sys-kernel/gentoo-sources-4.4.240 | =sys-kernel/gentoo-sources-4.4.240 |
4.9 | >=sys-kernel/gentoo-sources-4.9.240 | =sys-kernel/gentoo-sources-4.9.240 |
4.14 | >=sys-kernel/gentoo-sources-4.14.202 | =sys-kernel/gentoo-sources-4.14.202 |
4.19 | >=sys-kernel/gentoo-sources-4.19.152 | =sys-kernel/gentoo-sources-4.19.152 |
5.4 | >=sys-kernel/gentoo-sources-5.4.72 | =sys-kernel/gentoo-sources-5.4.72 |
References
- Gentoo tracker bug
- CVE-2020-12351
- CVE-2020-12352
- CVE-2020-24490
- Intel: BlueZ Advisory (INTEL-SA-00435)