Google has released details of a high-severity flaw in the Bluetooth stack of Linux kernel versions below 5.9 that include BlueZ.
In its advisory for the high-severity Bluetooth flaw, BleedingTooth (CVE-2020-12351), Intel recommends updating the Linux kernel to version 5.9, which was released just two days ago.
The advisory states that improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
BlueZ is found on Linux-based IoT devices and is the official Linux Bluetooth stack. It contains several Bluetooth modules including the Bluetooth kernel subsystem core, and L2CAP and SCO audio kernel layers.
The BlueZ project is releasing Linux kernel fixes to address the high-severity flaw, together with fixes for two medium-severity flaws, CVE-2020-12352 and CVE-2020-24490.
The bug CVE-2020-12352 is due to improper access control in BlueZ that may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
The flaw CVE-2020-24490 refers to BlueZ’s lack of proper buffer restrictions that may allow an unauthenticated user to potentially enable denial of service via adjacent access.
Andy Nguyen, a security engineer at Google, reported the bugs to Intel. According to researchers from Purdue University, BlueZ was also vulnerable to BLESA (Bluetooth Low Energy Spoofing Attack), along with Fluoride (Android) and the iOS BLE stack.
Google has detailed the bugs on the Google Security Research Repository on GitHub.
According to Andy Nguyen, the flaw is a “zero click” Linux Bluetooth remote code execution flaw. A short video was also published in which commands run on one Dell XPS 15 laptop running Ubuntu open the calculator on a second Dell Ubuntu laptop, without any action taken on the victim’s laptop.
An attacker within Bluetooth range who knows the target’s Bluetooth device address (bd address) can execute arbitrary code with kernel privileges.
BleedingTooth affects Linux kernel versions from 5.8 up to, but not including, 5.9.
Intel recommends updating to Linux kernel 5.9 to mitigate the vulnerability.
Further details regarding the BleedingTooth vulnerability will be shortly published on the Google Security Blog.