A flaw was found in the firmware of some Intel Bluetooth devices. This may allow an unauthenticated attacker within Bluetooth range to overflow a buffer and corrupt memory, leading to a crash or privilege escalation. Limited information is available about this flaw; it is believed it affects all firmware releases prior to 21.110.
External References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403.html
Mitigation: To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931. Alternatively, Bluetooth can be disabled within the hardware or at the BIOS level, which will also provide an effective mitigation, as the kernel will not be able to detect that Bluetooth hardware is present on the system.
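A sketch of the modprobe-rule mitigation described above, added here as an example and not taken from this report or from the Customer Portal article: it writes rules that block the Bluetooth modules and audits a rules directory for modules that are still loadable. The module list, the function names and the file name `disable-bluetooth.conf` are assumptions.

```shell
#!/bin/sh
# Added example (not from the page): audit and write modprobe rules that keep
# the Bluetooth kernel modules from loading.
# ASSUMPTION: the module list below; the page does not name the modules.
BT_MODULES="bluetooth btusb btintel bnep"

# Print every module in BT_MODULES that has no "install <mod> /bin/true" (or
# /bin/false) rule in the *.conf files of the directory given as $1.
# "blacklist <mod>" lines are deliberately not counted: they only suppress
# alias-based autoloading, so the module can still be pulled in as a
# dependency or by an explicit modprobe.
unblocked_bt_modules() {
    conf_dir=$1
    for mod in $BT_MODULES; do
        if ! cat "$conf_dir"/*.conf 2>/dev/null |
            grep -Eq "^[[:space:]]*install[[:space:]]+${mod}[[:space:]]+/bin/(true|false)([[:space:]]|\$)"
        then
            printf '%s\n' "$mod"
        fi
    done
}

# Write one install rule per module to $1/disable-bluetooth.conf
# (hypothetical file name; any *.conf file in modprobe.d is read).
write_bt_block_rules() {
    conf_dir=$1
    for mod in $BT_MODULES; do
        printf 'install %s /bin/true\n' "$mod"
    done > "$conf_dir/disable-bluetooth.conf"
}

# Demo on a constructed scratch directory standing in for /etc/modprobe.d.
demo_dir=$(mktemp -d)
printf 'blacklist btusb\n' > "$demo_dir/legacy.conf"   # constructed sample
echo "Not blocked before: $(unblocked_bt_modules "$demo_dir" | tr '\n' ' ')"
write_bt_block_rules "$demo_dir"
echo "Not blocked after:  $(unblocked_bt_modules "$demo_dir" | tr '\n' ' ')"
rm -rf "$demo_dir"
```

On a real system the directory is `/etc/modprobe.d` and writing to it requires root; modules that are already loaded stay loaded until they are removed or the system is rebooted.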
The linux-firmware package did not exist in RHEL 6 and RHEL 5. There were other specific something-firmware packages for different hardware devices. At this time this firmware did not support the listed affected hardware.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2020:5416 https://access.redhat.com/errata/RHSA-2020:5416
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12321
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:5479 https://access.redhat.com/errata/RHSA-2020:5479
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:0183 https://access.redhat.com/errata/RHSA-2021:0183
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0339 https://access.redhat.com/errata/RHSA-2021:0339
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support; Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions; Red Hat Enterprise Linux 7.7 Telco Extended Update Support. Via RHSA-2022:7887 https://access.redhat.com/errata/RHSA-2022:7887