Lucene search

Redhat.comRH:CVE-2020-12351

HistoryOct 14, 2020 - 9:01 p.m.

CVE-2020-12351

2020-10-1421:01:35

redhat.com

access.redhat.com

linux kernel

bluetooth

l2cap

a2mp cid

vulnerability

denial of service

arbitrary code

data confidentiality

data integrity

system availability

mitigation

operating system

kernel modules

modprobe rules

hardware disablement

bios disablement

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.2%

JSON

A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP (Logical Link Control and Adaptation Protocol) packets with A2MP (Alternate MAC-PHY Manager Protocol) CID (Channel Identifier). This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Mitigation

To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at <https://access.redhat.com/solutions/2682931>.

Alternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.