
Recently, Intel and Google urged users to update the Linux kernel to version 5.9 or higher as soon as possible.
Google and Intel warned that a critical vulnerability has been discovered in the Linux Bluetooth stack BlueZ, which provides core Bluetooth layer and protocol support for Linux-based Internet of Things (IoT) devices.
According to Google, this vulnerability affects users running Linux kernel versions prior to 5.9 that support BlueZ. BlueZ is an open-source project released under the GNU General Public License (GPL), with its kernel having been part of the official Linux kernel since version 2.4.6.
The vulnerability, referred to by Google as “Bleeding Blue”, can be exploited by unauthenticated attackers within Bluetooth range via specially crafted inputs in a “zero-click” attack (no user interaction is required), thereby elevating privileges on the target device.
According to an article released by Google on GitHub:
A remote attacker only needs to know the victim’s Bluetooth address to send malicious L2CAP (Logical Link Control and Adaptation Protocol) packets, executing denial-of-service attacks or arbitrary code execution with kernel privileges; malicious Bluetooth chips can also trigger this vulnerability.
The vulnerability (CVE-2020-12351) has a CVSS score of 8.3, indicating it is a serious vulnerability. It arises from heap-based type confusion in net/bluetooth/l2cap_core.c. Type confusion occurs when memory allocated as one type is treated as another, which can lead to out-of-bounds memory access and could allow an attacker to execute code or crash the affected component. In this case, the root cause is missing validation of attacker-supplied input in the BlueZ implementation within the Linux kernel.
Intel, which has invested heavily in BlueZ, provided a security solution in its announcement on Tuesday, recommending users update their Linux kernels to version 5.9 or higher.
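Since the advice in both advisories is simply “run kernel 5.9 or later”, the first thing an administrator will want is a quick way to tell whether a host falls in the affected range. The POSIX shell script below is an added example written for this article, not code from Google, Intel or the BlueZ project. It parses a kernel release string (as printed by `uname -r`), compares it against the 5.9 baseline named above, and reports whether the `bluetooth` kernel module is currently loaded (checked via `/sys/module/bluetooth`, which is the assumed location on a standard sysfs mount). One caveat a practitioner should keep in mind: distributions routinely backport fixes into older kernel series, so a version-number check alone is a heuristic for triage; the authoritative answer comes from the distribution’s own advisory or changelog for the installed package.

```shell
#!/bin/sh
# Triage helper for the BlueZ kernel issues described above.
# Added example, not part of the original advisories.

# kernel_below_5_9 VERSION
# Returns 0 (true) when VERSION is older than 5.9, i.e. inside the
# "prior to 5.9" range named by Google and Intel; returns 1 otherwise.
kernel_below_5_9() {
    # Keep only the leading numeric part: "5.4.0-52-generic" -> "5.4.0"
    ver=${1%%[!0-9.]*}
    case $ver in
        *.*) major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*} ;;
        *)   major=$ver; minor=0 ;;   # a bare "5" or an empty string
    esac
    major=${major:-0}
    minor=${minor:-0}
    [ "$major" -lt 5 ] && return 0
    [ "$major" -eq 5 ] && [ "$minor" -lt 9 ] && return 0
    return 1
}

# bluetooth_module_loaded
# Returns 0 when the bluetooth module is present in sysfs (assumed path).
bluetooth_module_loaded() {
    [ -d /sys/module/bluetooth ]
}

# classify VERSION
# Prints "needs-update" for kernels older than 5.9 and "fixed-range"
# otherwise. Distro backports are not detected here (see note above).
classify() {
    if kernel_below_5_9 "$1"; then
        echo needs-update
    else
        echo fixed-range
    fi
}

# Report on the running host.
running=$(uname -r 2>/dev/null || echo unknown)
printf 'kernel %s: %s\n' "$running" "$(classify "$running")"
if bluetooth_module_loaded; then
    echo "bluetooth module: loaded (exposure is live if the radio is enabled)"
else
    echo "bluetooth module: not loaded"
fi
```

Run it as `sh check-bluez-kernel.sh` on each host; `needs-update` together with `bluetooth module: loaded` is the combination worth acting on first, and `fixed-range` still deserves a look at the distribution changelog if the kernel is a vendor build.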
According to Intel’s security announcement, “Potential security vulnerabilities in BlueZ may allow privilege escalation or information disclosure. BlueZ is releasing Linux kernel patches to address these potential vulnerabilities.”
Intel also released patches for two medium-severity vulnerabilities affecting BlueZ, both of which stem from improper access control. This includes CVE-2020-12352, which could potentially allow unauthorized users to enable information disclosure through proximity access.
The other vulnerability (CVE-2020-24490) could allow unauthorized users to enable denial of service through proximity access. Remote attackers could exploit this vulnerability for short-range attacks, broadcasting extended advertisement data to initiate denial-of-service attacks or executing arbitrary code on affected machines with kernel privileges (if equipped with Bluetooth 5 chips).
Google security engineer Andy Nguyen discovered this vulnerability and will publish further details on Google’s security blog.
References

- Google’s advisory on GitHub: https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
- Intel’s security announcement (Tuesday): https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
- Google’s security blog: https://security.googleblog.com/