Bug 1886529 (CVE-2020-12352) - CVE-2020-12352 kernel: net: bluetooth: information leak when processing certain AMP packets
Summary: CVE-2020-12352 kernel: net: bluetooth: information leak when processing certa...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-12352
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1888333 1888334 1888335 1888336 1888337 1888440 1888792 1888793 1888794 1888795 1888796 1888797 1888798 1888799 1888800 1888801 1888802 1888803 1888804 1888805 1888806 1888807 1888906
Blocks: 1886532 1888711 1888714
TreeView+ depends on / blocked
 
Reported: 2020-10-08 16:49 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-02-16 19:07 UTC (History)
50 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An information leak flaw was found in the way Linux kernel’s Bluetooth stack implementation handled initialization of stack memory when handling certain AMP (Alternate MAC-PHY Manager Protocol) packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.
Clone Of:
Environment:
Last Closed: 2020-10-19 20:22:08 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:4276 0 None None None 2020-10-20 11:04:50 UTC
Red Hat Product Errata RHSA-2020:4277 0 None None None 2020-10-19 17:12:24 UTC
Red Hat Product Errata RHSA-2020:4278 0 None None None 2020-10-19 15:45:53 UTC
Red Hat Product Errata RHSA-2020:4279 0 None None None 2020-10-19 16:58:08 UTC
Red Hat Product Errata RHSA-2020:4280 0 None None None 2020-10-19 15:40:19 UTC
Red Hat Product Errata RHSA-2020:4281 0 None None None 2020-10-19 16:58:36 UTC
Red Hat Product Errata RHSA-2020:4286 0 None None None 2020-10-20 08:48:45 UTC
Red Hat Product Errata RHSA-2020:4287 0 None None None 2020-10-20 08:39:43 UTC
Red Hat Product Errata RHSA-2020:4288 0 None None None 2020-10-20 08:31:00 UTC
Red Hat Product Errata RHSA-2020:4289 0 None None None 2020-10-20 09:01:12 UTC
Red Hat Product Errata RHSA-2020:4990 0 None None None 2020-11-10 08:56:00 UTC
Red Hat Product Errata RHSA-2020:4991 0 None None None 2020-11-10 09:06:43 UTC

Description Guilherme de Almeida Suckevicz 2020-10-08 16:49:11 UTC
An information leak flaw was found in the way Linux kernel Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets.

Comment 7 Petr Matousek 2020-10-14 20:56:45 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1888440]

Comment 9 Petr Matousek 2020-10-14 21:00:47 UTC
Acknowledgments:

Name: Andy Nguyen (Google), Intel

Comment 12 Fedora Update System 2020-10-15 22:33:34 UTC
FEDORA-2020-e288acda9a has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 13 Fedora Update System 2020-10-15 22:35:40 UTC
FEDORA-2020-ce117eff51 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 14 Fedora Update System 2020-10-16 00:30:27 UTC
FEDORA-2020-ad980d282f has been pushed to the Fedora 31 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 34 Eric Christensen 2020-10-19 13:18:30 UTC
Mitigation:

To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.

Alternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.

Comment 44 errata-xmlrpc 2020-10-19 15:40:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:4280 https://access.redhat.com/errata/RHSA-2020:4280

Comment 45 errata-xmlrpc 2020-10-19 15:45:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2020:4278 https://access.redhat.com/errata/RHSA-2020:4278

Comment 46 errata-xmlrpc 2020-10-19 16:58:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:4279 https://access.redhat.com/errata/RHSA-2020:4279

Comment 47 errata-xmlrpc 2020-10-19 16:58:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:4281 https://access.redhat.com/errata/RHSA-2020:4281

Comment 48 errata-xmlrpc 2020-10-19 17:12:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2020:4277 https://access.redhat.com/errata/RHSA-2020:4277

Comment 50 Product Security DevOps Team 2020-10-19 20:22:08 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-12352

Comment 60 errata-xmlrpc 2020-10-20 08:30:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:4288 https://access.redhat.com/errata/RHSA-2020:4288

Comment 61 errata-xmlrpc 2020-10-20 08:39:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:4287 https://access.redhat.com/errata/RHSA-2020:4287

Comment 62 errata-xmlrpc 2020-10-20 08:48:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4286 https://access.redhat.com/errata/RHSA-2020:4286

Comment 63 errata-xmlrpc 2020-10-20 09:01:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4289 https://access.redhat.com/errata/RHSA-2020:4289

Comment 64 errata-xmlrpc 2020-10-20 11:04:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:4276 https://access.redhat.com/errata/RHSA-2020:4276

Comment 75 errata-xmlrpc 2020-11-10 08:55:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2020:4990 https://access.redhat.com/errata/RHSA-2020:4990

Comment 76 errata-xmlrpc 2020-11-10 09:06:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2020:4991 https://access.redhat.com/errata/RHSA-2020:4991


Note You need to log in before you can comment on or make changes to this bug.