1893914 – (CVE-2020-12321) CVE-2020-12321 hardware: buffer overflow in bluetooth firmware

Bug 1893914 (CVE-2020-12321) - CVE-2020-12321 hardware: buffer overflow in bluetooth firmware

Summary: CVE-2020-12321 hardware: buffer overflow in bluetooth firmware

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-12321
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1895781 1895782 1895783 1895784 1895785 1895787 2048289
Blocks:	1892273
TreeView+	depends on / blocked

Reported:	2020-11-02 23:54 UTC by Wade Mealing
Modified:	2022-11-09 10:52 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the firmware of some Intel Bluetooth devices. This may allow an unauthenticated attacker within Bluetooth range to overflow a buffer and corrupt memory leading to a crash or privilege escalation.
Clone Of:
Environment:
Last Closed:	2020-12-15 12:47:09 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:5669	None	None	None	2020-12-22 19:32:05 UTC
Red Hat Product Errata	RHBA-2021:0412	None	None	None	2021-02-04 10:43:47 UTC
Red Hat Product Errata	RHSA-2020:5416	None	None	None	2020-12-15 08:56:15 UTC
Red Hat Product Errata	RHSA-2020:5479	None	None	None	2020-12-15 16:41:23 UTC
Red Hat Product Errata	RHSA-2021:0183	None	None	None	2021-01-19 10:53:21 UTC
Red Hat Product Errata	RHSA-2021:0339	None	None	None	2021-02-02 12:02:31 UTC
Red Hat Product Errata	RHSA-2022:7887	None	None	None	2022-11-09 10:52:49 UTC

Description Wade Mealing 2020-11-02 23:54:30 UTC

A flaw was found in the firmware of some Intel bluetooth devices.  This may allow an unauthenticated attacker within bluetooth range to overflow a buffer and corrupt memory leading to a crash or privilege escalation.

Limited information is available about this flaw, it is believed it affects all firmware releases prior to 21.110

Comment 4 Wade Mealing 2020-11-10 23:23:35 UTC

External References:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403.html

Comment 9 Wade Mealing 2020-11-10 23:46:37 UTC

Mitigation:


To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.

Alternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.

Comment 10 Wade Mealing 2020-11-11 06:38:09 UTC

The linux-firmware package did not exist in RHEL 6 and RHEL 5.  There were other specific something-firmware packages for different hardware devices.  At this time this firmware did not support the listd affected hardware.

Comment 14 errata-xmlrpc 2020-12-15 08:56:42 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2020:5416 https://access.redhat.com/errata/RHSA-2020:5416

Comment 15 Product Security DevOps Team 2020-12-15 12:47:09 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-12321

Comment 16 errata-xmlrpc 2020-12-15 16:41:20 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:5479 https://access.redhat.com/errata/RHSA-2020:5479

Comment 17 errata-xmlrpc 2021-01-19 10:53:17 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0183 https://access.redhat.com/errata/RHSA-2021:0183

Comment 18 errata-xmlrpc 2021-02-02 12:02:28 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0339 https://access.redhat.com/errata/RHSA-2021:0339

Comment 20 errata-xmlrpc 2022-11-09 10:52:48 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2022:7887 https://access.redhat.com/errata/RHSA-2022:7887

Note You need to log in before you can comment on or make changes to this bug.