Bug 1893914 (CVE-2020-12321) - CVE-2020-12321 hardware: buffer overflow in bluetooth firmware
Summary: CVE-2020-12321 hardware: buffer overflow in bluetooth firmware
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-12321
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1895781 1895782 1895783 1895784 1895785 1895787 2048289
Blocks: 1892273
TreeView+ depends on / blocked
 
Reported: 2020-11-02 23:54 UTC by Wade Mealing
Modified: 2022-11-09 10:52 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the firmware of some Intel Bluetooth devices. This may allow an unauthenticated attacker within Bluetooth range to overflow a buffer and corrupt memory leading to a crash or privilege escalation.
Clone Of:
Environment:
Last Closed: 2020-12-15 12:47:09 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:5669 0 None None None 2020-12-22 19:32:05 UTC
Red Hat Product Errata RHBA-2021:0412 0 None None None 2021-02-04 10:43:47 UTC
Red Hat Product Errata RHSA-2020:5416 0 None None None 2020-12-15 08:56:15 UTC
Red Hat Product Errata RHSA-2020:5479 0 None None None 2020-12-15 16:41:23 UTC
Red Hat Product Errata RHSA-2021:0183 0 None None None 2021-01-19 10:53:21 UTC
Red Hat Product Errata RHSA-2021:0339 0 None None None 2021-02-02 12:02:31 UTC
Red Hat Product Errata RHSA-2022:7887 0 None None None 2022-11-09 10:52:49 UTC

Description Wade Mealing 2020-11-02 23:54:30 UTC
A flaw was found in the firmware of some Intel bluetooth devices.  This may allow an unauthenticated attacker within bluetooth range to overflow a buffer and corrupt memory leading to a crash or privilege escalation.

Limited information is available about this flaw, it is believed it affects all firmware releases prior to 21.110

Comment 9 Wade Mealing 2020-11-10 23:46:37 UTC
Mitigation:


To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.

Alternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.

Comment 10 Wade Mealing 2020-11-11 06:38:09 UTC
The linux-firmware package did not exist in RHEL 6 and RHEL 5.  There were other specific something-firmware packages for different hardware devices.  At this time this firmware did not support the listd affected hardware.

Comment 14 errata-xmlrpc 2020-12-15 08:56:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2020:5416 https://access.redhat.com/errata/RHSA-2020:5416

Comment 15 Product Security DevOps Team 2020-12-15 12:47:09 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-12321

Comment 16 errata-xmlrpc 2020-12-15 16:41:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:5479 https://access.redhat.com/errata/RHSA-2020:5479

Comment 17 errata-xmlrpc 2021-01-19 10:53:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0183 https://access.redhat.com/errata/RHSA-2021:0183

Comment 18 errata-xmlrpc 2021-02-02 12:02:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0339 https://access.redhat.com/errata/RHSA-2021:0339

Comment 20 errata-xmlrpc 2022-11-09 10:52:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2022:7887 https://access.redhat.com/errata/RHSA-2022:7887


Note You need to log in before you can comment on or make changes to this bug.