Bug 1893914 (CVE-2020-12321)
| Summary: | CVE-2020-12321 hardware: buffer overflow in bluetooth firmware | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Wade Mealing <wmealing> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | bmasney, brdeoliv, dhoward, fhrbata, hkrzesin, jstancek, nmurray, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | A flaw was found in the firmware of some Intel Bluetooth devices. This may allow an unauthenticated attacker within Bluetooth range to overflow a buffer and corrupt memory leading to a crash or privilege escalation. | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2020-12-15 12:47:09 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1895781, 1895782, 1895783, 1895784, 1895785, 1895787, 2048289 | | |
| Bug Blocks: | 1892273 | | |

Description
Wade Mealing
2020-11-02 23:54:30 UTC
External References:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403.html

Mitigation:

To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.

Alternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.

The linux-firmware package did not exist in RHEL 6 and RHEL 5. There were other specific something-firmware packages for different hardware devices. At this time this firmware did not support the listed affected hardware.

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2020:5416 https://access.redhat.com/errata/RHSA-2020:5416

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-12321

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:5479 https://access.redhat.com/errata/RHSA-2020:5479

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0183 https://access.redhat.com/errata/RHSA-2021:0183

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0339 https://access.redhat.com/errata/RHSA-2021:0339

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2022:7887 https://access.redhat.com/errata/RHSA-2022:7887
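
A check for the modprobe-based mitigation described in the first comment, added here as an example and not part of the bug report or of Red Hat's instructions: it reports, per module, whether the rules actually prevent loading. The module names `bluetooth` and `btusb`, the function names and the sample rules file are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit modprobe rules for the Bluetooth mitigation.
# ASSUMPTION: this module list (core stack + USB transport) is not from the
# bug report; take the authoritative list from the vendor instructions.
BT_MODULES="bluetooth btusb"

# Print the rule state for module $2 in modprobe.d-style directory $1:
#   blocked        - "install <mod> /bin/true|false": modprobe cannot load it
#   blacklist-only - "blacklist <mod>": alias autoload is stopped, but an
#                    explicit modprobe or a dependency can still load it
#   unblocked      - no matching rule
bt_rule_state() {
    cat "$1"/*.conf 2>/dev/null | awk -v mod="$2" '
        { sub(/#.*/, ""); gsub(/-/, "_", $2) }  # drop comments; "-" equals "_"
        $1 == "install" && $2 == mod && $3 ~ /\/(true|false)$/ { hard = 1 }
        $1 == "blacklist" && $2 == mod { soft = 1 }
        END { print (hard ? "blocked" : (soft ? "blacklist-only" : "unblocked")) }'
}

# Succeed if module $1 is listed in modules file $2 (default /proc/modules);
# rules do not unload a module that is already resident.
bt_loaded() {
    awk -v mod="$1" '$1 == mod { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}"
}

# Report every module; return 0 only if all are hard-blocked.
bt_audit() {
    rc=0
    for m in $BT_MODULES; do
        s=$(bt_rule_state "$1" "$m")
        printf '%-10s %s\n' "$m" "$s"
        [ "$s" = blocked ] || rc=1
    done
    return $rc
}

# Constructed sample rules (not taken from any real system).
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'blacklist btusb' \
        'install bluetooth /bin/false' > "$d/bt-disable.conf"
    echo "$d"
}

sample=$(make_sample)
bt_audit "$sample" || echo "mitigation incomplete: add install rules"
rm -rf "$sample"
```

A `blocked` result covers future load attempts only; `bt_loaded` shows whether a module is still resident from before the rule was written, in which case it stays active until it is unloaded or the system is rebooted.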