Google has released details of a very serious flaw (CVE-2020-12351) affecting the bluetooth stack in versions of the Linux kernel earlier than (Linux 5.9) supporting the (BlueZ) stack within the Internet of Things (IoT) devices running under Linux.
And theRecommend Intel is updating the Linux kernel to version 5.9 or later, Intel says: Incorrect input verification in BlueZ could allow an unauthorized user to increase privileges.
Represent (BlueZ) Official Linux Bluetooth stack, And provides support for Bluetooth backbones and protocols within Linux-based Internet of Things (IoT) devices.
Andy Nguyen, a security engineer from Google, reported to Intel the “BleedingTooth” error.
Intel says: The (BlueZ) open-source project is launching fixes for the Linux kernel in order to address high-risk bugs, in addition to fixes for two medium-severity defects, (CVE-2020-12352) and (CVE-2020-24490).
Last month, researchers from Purdue University claimed that BlueZ was also vulnerable to the BLESA attack.
And Google has detailed the errors in the (Google Security) research repository through the (GitHub) platform. It appears Describe Nguyen’s vulnerability (CVE-2020-12351) is more dangerous than Intel’s description.
He posted a video clip explaining the attack using commands via a Dell XPS 15 computer running Ubuntu to open the calculator on a second Dell computer running Ubuntu without taking any action via the victim’s laptop.
BlueZ contains several Bluetooth modules, including the Bluetooth subsystem core, L2CAP and SCO.
According to Francis Perry of the Google Product Security Incident Response Team, an attacker within the Bluetooth range that knows the Bluetooth device’s address can execute code with kernel privileges.
And theWrote Berry: A remote attacker who is within a short distance and knows the victim’s bluetooth device address can send a malicious packet, causing denial of service or executing arbitrary code with kernel privileges.
Google plans to publish more details about the security flaw soon via Her blog For security, Intel recommends Installing kernel fixes to address these issues if the kernel cannot be upgraded.