Called BleedingTooth, the collection of vulnerabilities could allow remote code execution attacks. The problem affects the Linux kernel 4.8 and higher and is in the open source BlueZ protocol stack. It was assigned CVE-2020-12351 and a CVSS score of 8.3.
Over on GitHub, Google researchers share details about BleedingTooth, describing it as “heap-based type confusion in L2CAP”. The security researcher indicates that the vulnerability is severe and offers sample code as proof-of-concept that works on Ubuntu 20.04 LTS.
The team says about the vulnerability:
A remote attacker at close range, knowing the victim’s BD address, could send a malicious l2cap packet causing denial of service or possibly arbitrary code execution with kernel privileges. Malicious Bluetooth chips can also trigger the vulnerability.
Over on Twitter, Security Engineer Andy Nguyen shared updates about the vulnerability, including a video showing the vulnerability in action.
Intel has issued its own security advisory regarding this vulnerability and suggests that users apply a number of kernel patches to protect themselves and their systems.
The original news was published and is available at de24.news. The editorial team at AlKhaleej Today has confirmed it, and it has been modified; it may have been completely transferred or quoted from the original. You can read and follow this news at its main source.