Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 749315 (BleedingTooth, CVE-2020-12351, CVE-2020-12352, CVE-2020-24490) - kernel: net: bluetooth: BleedingTooth
Summary: kernel: net: bluetooth: BleedingTooth
Status: IN_PROGRESS
Alias: BleedingTooth, CVE-2020-12351, CVE-2020-12352, CVE-2020-24490
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Highest blocker (vote)
Assignee: Gentoo Kernel Security
URL: https://www.intel.com/content/www/us/...
Whiteboard: A0 [stable]
Keywords: CC-ARCHES, STABLEREQ
Depends on: 749837
Blocks:
  Show dependency tree
 
Reported: 2020-10-15 15:22 UTC by Thomas Deutschmann
Modified: 2020-10-18 23:22 UTC (History)
8 users (show)

See Also:
Package list:
sys-kernel/gentoo-sources-4.4.240 sys-kernel/gentoo-sources-4.9.240 sys-kernel/gentoo-sources-4.14.202 sys-kernel/gentoo-sources-4.19.152 sys-kernel/gentoo-sources-5.4.72
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev Security 2020-10-15 15:22:05 UTC
A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet.


External References:

https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
Comment 1 Thomas Deutschmann gentoo-dev Security 2020-10-15 15:28:30 UTC
CVE-2020-12351:
===============
A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet.

CVE-2020-12352:
===============
An information leak flaw was found in the way Linux kernel Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets.

CVE-2020-24490:
===============
A heap buffer overflow flaw was found in the way the Linux kernel Bluetooth implementation processed extended advertising report events. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet.
Comment 2 Thomas Deutschmann gentoo-dev Security 2020-10-17 13:17:23 UTC
Patches landed in

>=sys-kernel/gentoo-sources-4.4.240
>=sys-kernel/gentoo-sources-4.9.240
>=sys-kernel/gentoo-sources-4.14.202
>=sys-kernel/gentoo-sources-4.19.152
>=sys-kernel/gentoo-sources-5.4.72
>=sys-kernel/gentoo-sources-5.8.16
>=sys-kernel/gentoo-sources-5.9.1

Note to binary kernel users: The distro kernel is based on same gentoo-sources and therefore not explicitly mentioned.

We are currently checking for regressions and will hopefully start stabilization soon.
Comment 3 NATTkA bot gentoo-dev 2020-10-18 22:44:49 UTC
Unable to check for sanity:

> dependent bug #749837 is missing keywords
Comment 4 NATTkA bot gentoo-dev 2020-10-18 22:53:05 UTC
All sanity-check issues have been resolved
Comment 5 Thomas Deutschmann gentoo-dev Security 2020-10-18 23:22:23 UTC
x86 stable
Comment 6 Thomas Deutschmann gentoo-dev Security 2020-10-18 23:22:44 UTC
amd64 stable