A Google researcher has disclosed a new vulnerability in the Linux Bluetooth stack. Dubbed BleedingTooth, the flaw allows remote code execution on a target Linux device by an attacker within Bluetooth range.
BleedingTooth Bluetooth Vulnerability Affects Linux
Google engineer Andy Nguyen has found a serious vulnerability affecting Linux systems.
Named BleedingTooth, the vulnerability resides in BlueZ, the Linux kernel's Bluetooth stack, and allows remote code execution on vulnerable devices. All an unauthenticated attacker needs to exploit the bug is a vulnerable device within Bluetooth range.
Intel has disclosed the vulnerability in an advisory that describes it as follows:
"Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access."
The vulnerability, tracked as CVE-2020-12351, has received a high-severity rating with a CVSS score of 8.3.
The following video demonstrates the BleedingTooth exploit in real time.
Proof-of-concept exploit code has also been published on GitHub by Francis Perron of the Google security team. Describing the vulnerability, Perron wrote:
"A remote attacker in short distance knowing the victim's bd address can send a malicious l2cap packet and cause denial of service or possibly arbitrary code execution with kernel privileges. Malicious Bluetooth chips can trigger the vulnerability as well."
Alongside CVE-2020-12351, Intel's advisory lists two medium-severity flaws found by the same researcher, CVE-2020-12352 and CVE-2020-24490. Both carry a CVSS score of 5.3.
Update To Linux 5.9
The high-severity Bluetooth flaw affects Linux kernel versions 4.8 and higher.
Fortunately for users, a patch for BleedingTooth has already shipped with the recently released Linux 5.9.
The latest kernel release may not otherwise carry changes worth upgrading for, but because it includes the fix for this high-severity flaw, users should update to Linux kernel 5.9 as soon as practical. Users running a distribution kernel should check their vendor's advisory, since distributions typically backport the fix without changing the upstream version number.
The same kernel release also patches the other two medium-severity bugs.
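The triage script below is an added example and is not code from the article, from Google or from the BlueZ project. It encodes the affected range the article states for CVE-2020-12351 (upstream kernel 4.8 and higher, fixed in 5.9) as a major.minor comparison, checks whether a Bluetooth controller is actually registered, and names the interim mitigation (`rfkill block bluetooth`) for hosts that cannot be rebooted onto a fixed kernel yet. The function and variable names are the example's own; the only assumption is that a kernel whose major.minor lies outside 4.8 ≤ v < 5.9 is outside the range the article describes.

```shell
#!/bin/sh
# Added example, not code from the article or from Google/Intel: a quick triage
# check for the range the article gives for CVE-2020-12351 (upstream kernel
# 4.8 <= version < 5.9, fixed in 5.9). Distribution kernels backport fixes
# without changing the upstream major.minor, so a hit here only means "consult
# your vendor's advisory"; it does not prove the running kernel is vulnerable.

# split_version VERSION: set MAJOR and MINOR from strings such as
# "5.4.0-80-generic", "5.9-rc1" or "4.8". Trailing non-digits are dropped.
split_version() {
    v=$1
    MAJOR=${v%%.*}
    case $v in
        *.*) rest=${v#*.}; MINOR=${rest%%.*} ;;
        *)   MINOR=0 ;;
    esac
    MAJOR=${MAJOR%%[!0-9]*}
    MINOR=${MINOR%%[!0-9]*}
    [ -n "$MAJOR" ] || MAJOR=0
    [ -n "$MINOR" ] || MINOR=0
}

# version_key VERSION: print major*1000+minor so ranges compare as integers.
version_key() {
    split_version "$1"
    echo $((MAJOR * 1000 + MINOR))
}

# bleedingtooth_affected VERSION: succeed when 4.8 <= VERSION < 5.9
# (the upstream range the article gives for CVE-2020-12351).
bleedingtooth_affected() {
    key=$(version_key "$1")
    [ "$key" -ge 4008 ] && [ "$key" -lt 5009 ]
}

# bluetooth_exposed: succeed when at least one HCI controller (hciN) is
# registered in sysfs, i.e. the L2CAP code is reachable over the air.
bluetooth_exposed() {
    [ -d /sys/class/bluetooth ] && [ -n "$(ls -A /sys/class/bluetooth 2>/dev/null)" ]
}

# report VERSION: print one triage line for the given kernel version.
# Informational only; it always succeeds so it can be dropped into other scripts.
report() {
    if bleedingtooth_affected "$1"; then
        echo "kernel $1: inside the upstream-affected range for CVE-2020-12351 (4.8 <= v < 5.9); check vendor backports"
        if bluetooth_exposed; then
            echo "Bluetooth controller present; interim mitigation: 'rfkill block bluetooth' or blacklist the bluetooth module until a fixed kernel is booted"
        else
            echo "no Bluetooth controller registered; the vulnerable code is not currently reachable over the air"
        fi
    else
        echo "kernel $1: outside the affected range (upstream fix shipped in 5.9)"
    fi
    return 0
}

# Run against the running kernel when executed directly.
report "$(uname -r)"
```

The comparison deliberately ignores the patch level and any distribution suffix: a vendor kernel such as 5.4.0-80-generic will be flagged even if the fix was backported, which is the safe direction for a triage script. Treat the flag as a prompt to read the vendor advisory, not as a verdict.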
More details about this vulnerability will soon be available on the Google Security blog.