Intel and Google are urging users to update the Linux kernel to version 5.9 or later.
Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things (IoT) devices.
According to Google, the vulnerability affects users of Linux kernel versions before 5.9 that support BlueZ. BlueZ, an open-source project distributed under the GNU General Public License (GPL), includes the BlueZ kernel code that has been part of the official Linux kernel since version 2.4.6.
The flaw, which Google calls “BleedingTooth,” can be exploited in a “zero-click” attack via specially crafted input by a nearby, unauthenticated attacker. This could potentially allow escalated privileges on affected devices.
“A remote attacker in short distance knowing the victim’s bd [Bluetooth] address can send a malicious l2cap [Logical Link Control and Adaptation Layer Protocol] packet and cause denial of service or possibly arbitrary code execution with kernel privileges,” according to a Google post on GitHub. “Malicious Bluetooth chips can trigger the vulnerability as well.”
The flaw (CVE-2020-12351) ranks 8.3 out of 10 on the CVSS scale, making it high-severity. It stems specifically from a heap-based type confusion in net/bluetooth/l2cap_core.c. A type-confusion vulnerability is a class of bug that can lead to out-of-bounds memory access and result in code execution or component crashes that an attacker can exploit. In this case, the issue is insufficient validation of user-supplied input within the BlueZ implementation in the Linux kernel.
Intel, meanwhile, which has made a “significant investment” in BlueZ, addressed the security issue in a Tuesday advisory, recommending that users update the Linux kernel to version 5.9 or later.
“Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure,” according to the security advisory. “BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities.”
Google has also posted proof-of-concept exploit code for the flaw on GitHub. See a video demo of BleedingTooth below:
Intel also issued a fix for two medium-severity flaws that affect BlueZ, both of which stem from improper access control. That includes CVE-2020-12352, which could allow an unauthenticated user to potentially enable information disclosure via adjacent access.
“A remote attacker in short distance knowing the victim’s bd address can retrieve kernel stack information containing various pointers that can be used to predict the memory layout and to defeat KASLR,” according to a description on GitHub. “The leak may contain other valuable information such as the encryption keys.”
Another flaw (CVE-2020-24490) could allow an unauthenticated user to potentially enable denial of service via adjacent access. The flaw can be exploited by a remote attacker in short distance who can broadcast extended advertising data and cause a denial-of-service state, or possibly arbitrary code execution with kernel privileges on victim machines (if they are equipped with Bluetooth 5 chips and are in scanning mode), according to Google.
Andy Nguyen, security engineer with Google, was credited with discovering the flaw. Further details will soon be available on Google’s security blog.
Some parts of this post are sourced from:
threatpost.com