Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 749315 (BleedingTooth, CVE-2020-12351, CVE-2020-12352, CVE-2020-24490) - kernel: net: bluetooth: BleedingTooth
Summary: kernel: net: bluetooth: BleedingTooth
Status: RESOLVED FIXED
Alias: BleedingTooth, CVE-2020-12351, CVE-2020-12352, CVE-2020-24490
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Highest blocker
Assignee: Gentoo Kernel Security
URL: https://www.intel.com/content/www/us/...
Whiteboard: A0 []
Keywords: CC-ARCHES, STABLEREQ
Depends on: 749837
Blocks:
  Show dependency tree
 
Reported: 2020-10-15 15:22 UTC by Thomas Deutschmann (RETIRED)
Modified: 2020-11-13 00:06 UTC (History)
2 users (show)

See Also:
Package list:
sys-kernel/gentoo-sources-4.4.240 sys-kernel/gentoo-sources-4.9.240 sys-kernel/gentoo-sources-4.14.202 sys-kernel/gentoo-sources-4.19.152 sys-kernel/gentoo-sources-5.4.72
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann (RETIRED) gentoo-dev 2020-10-15 15:22:05 UTC
A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet.


External References:

https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2020-10-15 15:28:30 UTC
CVE-2020-12351:
===============
A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet.

CVE-2020-12352:
===============
An information leak flaw was found in the way Linux kernel Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets.

CVE-2020-24490:
===============
A heap buffer overflow flaw was found in the way the Linux kernel Bluetooth implementation processed extended advertising report events. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2020-10-17 13:17:23 UTC
Patches landed in

>=sys-kernel/gentoo-sources-4.4.240
>=sys-kernel/gentoo-sources-4.9.240
>=sys-kernel/gentoo-sources-4.14.202
>=sys-kernel/gentoo-sources-4.19.152
>=sys-kernel/gentoo-sources-5.4.72
>=sys-kernel/gentoo-sources-5.8.16
>=sys-kernel/gentoo-sources-5.9.1

Note to binary kernel users: The distro kernel is based on same gentoo-sources and therefore not explicitly mentioned.

We are currently checking for regressions and will hopefully start stabilization soon.
Comment 3 NATTkA bot gentoo-dev 2020-10-18 22:44:49 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2020-10-18 22:53:05 UTC Comment hidden (obsolete)
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2020-10-18 23:22:23 UTC
x86 stable
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2020-10-18 23:22:44 UTC
amd64 stable
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-23 05:09:23 UTC
arm64 stable
Comment 8 ernsteiswuerfel archtester 2020-10-26 14:33:14 UTC
Looking good on ppc.

See https://pastebin.com/HGFJjVXh for a successful boot on a G4 DP.
Comment 9 ernsteiswuerfel archtester 2020-10-28 01:53:18 UTC
Looking good on ppc64.

See https://pastebin.com/dPAavz6A for a successful boot dmesg on a Talos II.
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-28 01:55:32 UTC
(In reply to ernsteiswuerfel from comment #9)
> Looking good on ppc64.
> 
> See https://pastebin.com/dPAavz6A for a successful boot dmesg on a Talos II.

Brilliant, thank you!

ppc{,64} stable
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2020-11-13 00:06:09 UTC
arm, hppa and sparc marked stable under kernel project policy.