An information leak flaw was found in the way Linux kernel Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1888440]
Acknowledgments: Name: Andy Nguyen (Google), Intel
FEDORA-2020-e288acda9a has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2020-ce117eff51 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2020-ad980d282f has been pushed to the Fedora 31 stable repository. If problem still persists, please make note of it in this bug report.
External References: https://access.redhat.com/security/vulnerabilities/BleedingTooth https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq
Mitigation: To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931. Alternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4280 https://access.redhat.com/errata/RHSA-2020:4280
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2020:4278 https://access.redhat.com/errata/RHSA-2020:4278
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4279 https://access.redhat.com/errata/RHSA-2020:4279
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:4281 https://access.redhat.com/errata/RHSA-2020:4281
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:4277 https://access.redhat.com/errata/RHSA-2020:4277
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12352
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:4288 https://access.redhat.com/errata/RHSA-2020:4288
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:4287 https://access.redhat.com/errata/RHSA-2020:4287
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4286 https://access.redhat.com/errata/RHSA-2020:4286
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4289 https://access.redhat.com/errata/RHSA-2020:4289
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4276 https://access.redhat.com/errata/RHSA-2020:4276
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Via RHSA-2020:4990 https://access.redhat.com/errata/RHSA-2020:4990
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Red Hat Enterprise Linux 7.3 Telco Extended Update Support Via RHSA-2020:4991 https://access.redhat.com/errata/RHSA-2020:4991