
Google warns of zero-click Bluetooth flaws on Linux-based devices



Google security researchers are warning of a set of new zero-click vulnerabilities in the Linux Bluetooth software stack that could allow an unauthenticated remote attacker in close proximity to execute arbitrary code with kernel privileges on vulnerable devices.

According to security engineer Andy Nguyen, the three flaws, collectively named BleedingTooth, reside in the open-source BlueZ protocol stack, which provides support for many of the core Bluetooth layers and protocols on Linux-based systems such as laptops and IoT devices.

The first and most serious is a heap-based type confusion (CVE-2020-12351, CVSS score 8.3) that affects Linux kernel 4.8 and later and resides in the Logical Link Control and Adaptation Protocol (L2CAP) of the Bluetooth standard, the layer that multiplexes data between different higher-layer protocols.

“A remote attacker in short distance knowing the victim [Bluetooth device] address can send a malicious l2cap packet and cause denial of service or possibly arbitrary code execution with kernel privileges,” Google stated in its advisory. “Malicious Bluetooth chips can trigger the vulnerability as well.”

The vulnerability, which has yet to be patched, appears to have been introduced by a 2016 change to the l2cap_core.c module.

Intel, which has invested heavily in the BlueZ project, has also issued an advisory flagging CVE-2020-12351 as a privilege-escalation flaw.

The second unpatched vulnerability (CVE-2020-12352) is a stack-based information disclosure flaw that affects Linux kernel 3.6 and later.

The issue stems from a 2012 change to the Alternate MAC-PHY Manager Protocol (A2MP), a high-speed transport used in Bluetooth High Speed (HS) to carry larger amounts of data, and allows a remote attacker in short distance to obtain kernel stack information, which can be used to predict the memory layout and bypass kernel address space layout randomization (KASLR).

A third bug (CVE-2020-24490), found in the Host Controller Interface (HCI), the standardized Bluetooth interface for sending commands, receiving events and transferring data, is a heap-based buffer overflow affecting Linux kernel 4.19 and higher. It lets a nearby attacker cause “denial of service or possibly arbitrary code execution with kernel privileges on victims’ computers when they are equipped with Bluetooth 5 chips and are in scan mode”.

The vulnerability, present since 2018, has been patched in kernel versions 4.19.137 and 5.7.13.

For its part, Intel has recommended installing the kernel fixes to reduce the risk associated with these issues.

“Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure,” Intel said of the flaws. “BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities.”
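The fixed kernel versions quoted above are straightforward to check against a running system. The shell function below is an added example, not code from the article, Google or the BlueZ project: it parses a kernel version string as reported by `uname -r` and compares it with the two fixed versions the article gives for CVE-2020-24490 (4.19.137 and 5.7.13). Everything beyond those two numbers is an assumption, labelled in the code: kernels below 4.19 are reported as outside the stated affected range, and branches for which the article names no fix version are reported as needing a check against the distribution's changelog, because distribution kernels backport fixes without changing the upstream version number. The function name and status strings are this example's own.

```shell
#!/bin/sh
# Added example (not from the article, Google or the BlueZ project).
# Classify a Linux kernel version string against the fix versions the
# article states for the HCI heap overflow CVE-2020-24490: 4.19.137 and 5.7.13.
#
# Assumption: distribution kernels carry backported fixes under the original
# upstream version, so "vulnerable" here means "verify against your distro's
# kernel changelog", not a confirmed exposure. Branches the article gives no
# fix version for are reported as "no_stated_fix" for the same reason.

hci_cve_status() {
    ver="$1"
    # Keep only the leading dotted numbers, dropping suffixes such as "-52-generic".
    base=$(printf '%s' "$ver" | sed 's/[^0-9.].*$//')
    case "$base" in
        [0-9]*) ;;                      # starts with a digit: parseable
        *) echo invalid; return 0 ;;    # nothing numeric at the front
    esac
    # -s makes cut print nothing when the delimiter is absent.
    major=$(printf '%s' "$base" | cut -s -d. -f1)
    minor=$(printf '%s' "$base" | cut -s -d. -f2)
    patch=$(printf '%s' "$base" | cut -s -d. -f3)
    [ -z "$major" ] && major="$base"    # bare "5" has no dot at all
    [ -z "$minor" ] && minor=0
    [ -z "$patch" ] && patch=0

    if [ "$major" -lt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -lt 19 ]; }; then
        # Article: CVE-2020-24490 affects Linux kernel 4.19 and higher.
        echo not_affected
    elif [ "$major" -eq 4 ] && [ "$minor" -eq 19 ]; then
        # Article: fixed in 4.19.137.
        if [ "$patch" -ge 137 ]; then echo fixed; else echo vulnerable; fi
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 7 ]; then
        # Article: fixed in 5.7.13.
        if [ "$patch" -ge 13 ]; then echo fixed; else echo vulnerable; fi
    else
        # Assumption: any other branch must be checked against the distro changelog.
        echo no_stated_fix
    fi
}

# Usage: report the status of the running kernel.
echo "kernel $(uname -r): $(hci_cve_status "$(uname -r)")"
```

A result of `fixed` only confirms the version number is at or above the one the article names for this CVE; the two L2CAP and A2MP flaws are reported unpatched in the article, so no version check covers them, and the remaining mitigation is the one Intel gives, applying the kernel fixes as they are released.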
