Google warns of severe ‘BleedingTooth’ Bluetooth flaw in Linux kernel!


Bluetooth flaw in Linux Kernel

If you run a Linux kernel older than 5.9 with the BlueZ Bluetooth stack enabled, this news concerns you. Google has released details of a high-severity Bluetooth flaw affecting Linux kernel versions below 5.9 that support BlueZ.

For those who are not sure what BlueZ is: in short, BlueZ is the Linux Bluetooth protocol stack. It is also found on Linux-based IoT devices.

Linux 5.9 was released just two days ago, and in its advisory for the high-severity Bluetooth flaw CVE-2020-12351, Intel recommends updating the Linux kernel to version 5.9 or later.

Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access

Intel Advisory for CVE-2020-12351

Fixes are also being released for two further BlueZ issues covered by the same advisory:

  • CVE-2020-12352 – Improper access control in BlueZ that may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
  • CVE-2020-24490 – Improper buffer restrictions in BlueZ that may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Andy Nguyen, a security engineer from Google, reported the bugs to Intel.

Last month, researchers from Purdue University reported that BlueZ was also vulnerable to BLESA (Bluetooth Low Energy Spoofing Attack), as were Fluoride (the Android stack) and the iOS BLE stack.

Mr. Nguyen’s report sounds more serious than Intel’s write-up.

He describes it as a “zero click” Linux Bluetooth remote code execution flaw, and he published a video in which commands issued from one Dell XPS 15 laptop running Ubuntu open the calculator on a second Dell Ubuntu laptop, with no action taken on the victim’s machine.

BlueZ contains several Bluetooth modules including the Bluetooth kernel subsystem core, GAP, L2CAP, RFCOMM and SDP.

A remote attacker within short distance who knows the victim’s BD address can send a malicious L2CAP packet and cause denial of service or possibly arbitrary code execution with kernel privileges. Malicious Bluetooth chips can trigger the vulnerability as well.

Perry writes

Google has also published proof-of-concept exploit code for the BleedingTooth vulnerability and plans to publish further details about the flaw shortly on the Google Security Blog.

Quick Fix for Bluetooth flaw in Linux Kernel

If a kernel upgrade is not possible for you right now, Intel recommends applying the following kernel patches:

  • https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/
  • https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/
  • https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-3-luiz.dentz@gmail.com/
  • https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-4-luiz.dentz@gmail.com/
  • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e
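As an added example, not code from this article, from Intel or from Google: a POSIX shell script that checks the running kernel’s version against the 5.9 threshold above, reports whether the Bluetooth subsystem is loaded, and can either fetch and apply the patches listed above to a kernel source tree or soft-block the Bluetooth radio as an interim mitigation. It assumes that lore.kernel.org serves a message’s raw mbox at the message URL plus `/raw`, that cgit on git.kernel.org serves a commit as a patch at `patch/?id=`, that the `apply` mode is run from inside a checked-out kernel tree, and that rfkill(8) is installed. The rfkill step is this editor’s suggestion and is not part of Intel’s advisory.

```shell
#!/bin/sh
# Added example (not from the article, Intel or Google): triage a host for
# BleedingTooth and, on request, apply the listed patches or block the radio.
# Assumptions: lore.kernel.org serves a raw mbox at "<message-url>/raw",
# git.kernel.org (cgit) serves a commit as a patch at "patch/?id=<sha>",
# "apply" runs inside a kernel source tree, and rfkill(8) is available.
set -eu

# True (exit 0) when MAJOR.MINOR of a kernel release string such as
# "5.4.0-48-generic" is below 5.9, the upstream release Intel's advisory names.
# Version alone is not conclusive: distributions backport fixes into older
# release numbers, so confirm against your distribution's own advisory.
kernel_below_5_9() {
    rel=$1
    major=${rel%%.*}
    if [ "$rel" = "$major" ]; then
        minor=0                        # no minor component at all
    else
        rest=${rel#*.}
        minor=${rest%%[!0-9]*}         # digits only: "4.0-48-generic" -> "4"
        minor=${minor:-0}
    fi
    if [ "$major" -lt 5 ]; then return 0; fi
    if [ "$major" -eq 5 ] && [ "$minor" -lt 9 ]; then return 0; fi
    return 1
}

# True when the Bluetooth subsystem is currently loaded as a module.
# A kernel with the subsystem built in will not show up here.
bluetooth_loaded() {
    [ -d /sys/module/bluetooth ]
}

# Map a lore message URL or a git.kernel.org commit URL to something
# `git am` can consume; reject anything else rather than guess.
patch_url() {
    case $1 in
        https://lore.kernel.org/*)
            printf '%s/raw\n' "${1%/}" ;;
        https://git.kernel.org/*/commit/\?id=*)
            printf '%s\n' "$1" | sed 's#/commit/?id=#/patch/?id=#' ;;
        *)
            echo "unrecognised patch URL: $1" >&2
            return 1 ;;
    esac
}

# Fetch each patch and apply it to the kernel tree in the current directory.
apply_patches() {
    for url in "$@"; do
        echo "applying $url"
        curl -fsSL "$(patch_url "$url")" | git am
    done
}

# Report the state of this host.
running=$(uname -r)
if kernel_below_5_9 "$running"; then
    status="below 5.9 by version number: patch, or block the radio until a fixed kernel is booted"
else
    status="5.9 or newer by version number"
fi
echo "kernel $running: $status"
if bluetooth_loaded; then
    echo "bluetooth subsystem is loaded as a module"
else
    echo "bluetooth module not loaded (or built into the kernel)"
fi

# Optional actions:
#   apply URL...  fetch and git-am the given patches
#   block         interim mitigation: soft-block every Bluetooth radio
case ${1:-} in
    apply) shift; apply_patches "$@" ;;
    block) rfkill block bluetooth ;;
    "")    ;;
    *)     echo "usage: $0 [apply URL... | block]" >&2; exit 2 ;;
esac
```

Run it with no arguments to see the version and module check; `sh bleedingtooth.sh apply <the lore and git.kernel.org URLs above>` from inside a kernel tree applies the patches in order, and `sh bleedingtooth.sh block` soft-blocks the radio, which removes the “adjacent access” precondition until the host is rebooted into a fixed kernel. Unblock afterwards with `rfkill unblock bluetooth`.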
