Bug 1886521 (CVE-2020-12351)
Summary: | CVE-2020-12351 kernel: net: bluetooth: type confusion while processing AMP packets | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | abpalaci, acaringi, airlied, asavkov, bhu, blc, bmasney, brdeoliv, bskeggs, cperry, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, joe.lawrence, john.j5live, jonathan, josef, jpoimboe, jross, jshortt, jstancek, jsvoboda, jthierry, jwboyer, kcarcia, kernel-maint, kernel-mgr, kpatch-maint, lgoncalv, linville, masami256, mchehab, mcressma, mjg59, mlangsdo, nmurray, pasik, pmatouse, ptalbert, qzhao, rhandlin, rt-maint, rvrbovsk, security-response-team, steved, walters, williams, ycote |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP (Logical Link Control and Adaptation Protocol) packets with A2MP (Alternate MAC-PHY Manager Protocol) CID (Channel Identifier). This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-10-19 20:22:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1888250, 1888251, 1888252, 1888253, 1888254, 1888255, 1888256, 1888257, 1888258, 1888259, 1888260, 1888261, 1888262, 1888263, 1888264, 1888265, 1888268, 1888269, 1888270, 1888271, 1888272, 1888273, 1888274, 1888439, 1971485, 1971486 | ||
Bug Blocks: | 1886531, 1888711, 1888714 |
Description
Guilherme de Almeida Suckevicz
2020-10-08 16:32:24 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1888439] Acknowledgments: Name: Andy Nguyen (Google), Intel Statement: Red Hat Enterprise Linux 7 is affected starting with the Red Hat Enterprise Linux 7.4 GA kernel version 3.10.0-693 onward. For Red Hat OpenShift Container Platform, while the cluster nodes may be running an underlying kernel that's affected by this flaw present, both virtual and physical hosts in a production environment will generally have the mitigation already in place of having Bluetooth hardware either not present, or not enabled. FEDORA-2020-e288acda9a has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2020-ce117eff51 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2020-ad980d282f has been pushed to the Fedora 31 stable repository. If problem still persists, please make note of it in this bug report. External References: https://access.redhat.com/security/vulnerabilities/BleedingTooth https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq https://www.zdnet.com/article/google-warns-of-severe-bleedingtooth-bluetooth-flaw-in-linux-kernel/ Mitigation: To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931. Alternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4280 https://access.redhat.com/errata/RHSA-2020:4280 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2020:4278 https://access.redhat.com/errata/RHSA-2020:4278 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4279 https://access.redhat.com/errata/RHSA-2020:4279 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:4281 https://access.redhat.com/errata/RHSA-2020:4281 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:4277 https://access.redhat.com/errata/RHSA-2020:4277 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12351 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:4288 https://access.redhat.com/errata/RHSA-2020:4288 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:4287 https://access.redhat.com/errata/RHSA-2020:4287 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4286 https://access.redhat.com/errata/RHSA-2020:4286 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4289 https://access.redhat.com/errata/RHSA-2020:4289 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4276 https://access.redhat.com/errata/RHSA-2020:4276 |