Google security researchers are warning of a number of new zero-click vulnerabilities in the Linux Bluetooth software stack that could allow an unauthenticated remote attacker nearby to execute arbitrary code with kernel permissions on vulnerable devices.
According to the safety engineer
, the three shortcomings – called collectively BleedingTooth – You are on the open source BlueZ protocol stack, which has support for many of the major Bluetooth layers and protocols for Linux-based systems such as laptops and IoT devices.
BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution— Andy Nguyen (@theflow0) October 13, 2020
Blog post available soon on: https://t.co/2SDRm6PZaQ
Google Security Research Repository: https://t.co/0HolidyWvV
Intel Security Advisory: https://t.co/kfGj3MWajy
The first, and most serious, is a heap-based type confusion (CVE-2020-12351, CVSS score 8.3) that affects Linux kernel 4.8 and higher and is included in the Logical Link Control and Adaptation Protocol (L2CAP) of the Bluetooth standard the multiplexing of data between different higher-layer protocols.
“A distant attacker at close range who knows the victim [Bluetooth device] Address can send a malicious l2cap packet and cause denial-of-service or possibly arbitrary code execution with kernel permissions, “stated Google in its notice.” Malicious Bluetooth chips can also trigger the vulnerability. ”
The vulnerability, which remains to be addressed, appears to have been introduced by a 2016 change to the l2cap_core.c module.
Intel, which has made significant investments in the BlueZ project, has also issued a warning flagging CVE-2020-12351 as a permissions escalation error.
The second unpatched vulnerability (CVE-2020-12352) affects a stack-based information disclosure bug that affects Linux kernel 3.6 and later.
As a result of a 2012 change to the alternative Alternate MAC-PHY Manager Protocol (A2MP) – a high-speed transport connection that is used in Bluetooth HS (High Speed) to enable the transmission of larger amounts of data – the problem enables a remote attacker in short distance to get kernel stack information to predict memory layout and bypass address space layout randomization (KASLR)
A third bug (CVE-2020-24490) discovered in HCI (Host Controller Interface), a standardized Bluetooth interface for sending commands, receiving events, and transferring data, is a heap-based buffer overflow that occurs affects Linux kernel 4.19 and higher, resulting in a nearby attacker causing “denial of service or possibly arbitrary code execution with kernel permissions on victims’ computers when they are connected to Bluetooth 5- Chips are equipped and are in scan mode “.
The vulnerability, which has been accessible since 2018, has been patched in versions 4.19.137 and 5.7.13.
For its part, Intel has recommended that the kernel fixes be installed to reduce the risk associated with these issues.
“Potential security vulnerabilities in BlueZ can allow escalation of permissions or disclosure of information,” said Intel of the shortcomings. “BlueZ releases Linux kernel fixes to address these potential vulnerabilities.”
These were the details of the news Google warns of Bluetooth no-click errors on Linux-based devices for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.
It is also worth noting that the original news has been published and is available at de24.news and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.