{"containers": {"cna": {"affected": [{"product": "Intel(R) Wireless Bluetooth(R)", "vendor": "n/a", "versions": [{"status": "affected", "version": "before version 21.110"}]}], "descriptions": [{"lang": "en", "value": "Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access."}], "problemTypes": [{"descriptions": [{"description": "escalation of privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-12T18:12:10.000Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2020-12321", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel(R) Wireless Bluetooth(R)", "version": {"version_data": [{"version_value": "before version 21.110"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "escalation of privilege"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:56:51.329Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2020-12321", "datePublished": "2020-11-12T18:12:10.000Z", "dateReserved": "2020-04-28T00:00:00.000Z", "dateUpdated": "2024-08-04T11:56:51.329Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:dual_band_wireless-ac_3168_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F44B727-A61B-4B93-B7B1-09E7EBCC57D1", "versionEndExcluding": "21.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:dual_band_wireless-ac_3168:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E3F3AC3-7774-44DE-82C3-531D874D6175", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:dual_band_wireless-ac_8260_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5082F651-CC50-4E53-90B0-426111BFF813", "versionEndExcluding": "21.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:dual_band_wireless-ac_8260:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD5900B9-D8E3-4928-B587-955BCAE07460", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:dual_band_wireless-ac_8265_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "925CE55F-442D-4EFD-AC2C-AB9CDB94D534", "versionEndExcluding": "21.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:dual_band_wireless-ac_8265:-:*:*:*:*:*:*:*", "matchCriteriaId": "89ED6FDA-BE47-4E7D-A449-439A917119DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:wi-fi_6_ax200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F20A2CC7-FB72-43E3-B06C-265DEBF15162", "versionEndExcluding": "21.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:wi-fi_6_ax200:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D653F9C-5B2E-400F-8F50-BFE466F08F0E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:wi-fi_6_ax201_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDAC7CFA-A7C5-41E8-B0CD-F87F89C65500", "versionEndExcluding": "21.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:wi-fi_6_ax201:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0433774-9479-4A01-B697-1379AEA223C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:wireless-ac_9260_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B11777A7-3A99-4619-8CC8-C5EC4ECA1062", "versionEndExcluding": "21.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:wireless-ac_9260:-:*:*:*:*:*:*:*", "matchCriteriaId": "4900842A-56C4-4F09-BBD4-080EC7CEBF33", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:wireless-ac_9461_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "438C8188-2F72-4915-9A65-A955A09B8A05", "versionEndExcluding": "21.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:wireless-ac_9461:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F198C1B-28A8-4FB8-9266-333A6E465445", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:wireless-ac_9462_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF5ACA70-6388-4A3D-86BB-997016A48071", "versionEndExcluding": "21.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:wireless-ac_9462:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B60A55C-0969-43D4-A1A8-0E736DE89AFA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:wireless-ac_9560_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "047A3925-3023-4AAB-B0E2-905B1FC12B87", "versionEndExcluding": "21.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:wireless-ac_9560:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7A5DD09-188E-4772-BBFD-3DCC776F4D55", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:wireless_7265_\\(rev_d\\)_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B905141-5EC7-4DF2-944D-84BCE30BBBA4", "versionEndExcluding": "21.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:wireless_7265_\\(rev_d\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "BD700D79-A4B3-4C62-93BE-D13F016AA3CC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:dual_band_wireless-ac_3165_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA251E20-3875-4877-A844-DCAEB17AF1CA", "versionEndExcluding": "21.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:dual_band_wireless-ac_3165:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C1729F4-7CCA-404A-903E-F0F6C1F9302B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access."}, {"lang": "es", "value": "Una restricci\u00f3n de b\u00fafer inapropiada en algunos productos Intel\u00ae Wireless Bluetooth\u00ae anterior a versi\u00f3n 21.110, puede habilitar a un usuario no autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso adyacente"}], "id": "CVE-2020-12321", "lastModified": "2024-11-21T04:59:30.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-12T18:15:14.533", "references": [{"source": "secure@intel.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:0339", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "linux-firmware-0:20200421-80.git78c0348.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-02-02T00:00:00Z"}, {"advisory": "RHSA-2022:7887", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "linux-firmware-0:20190429-73.gitddde598.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2022-11-09T00:00:00Z"}, {"advisory": "RHSA-2022:7887", "cpe": "cpe:/o:redhat:rhel_tus:7.7", "package": "linux-firmware-0:20190429-73.gitddde598.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Telco Extended Update Support", "release_date": "2022-11-09T00:00:00Z"}, {"advisory": "RHSA-2022:7887", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "linux-firmware-0:20190429-73.gitddde598.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2022-11-09T00:00:00Z"}, {"advisory": "RHSA-2020:5479", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "linux-firmware-0:20200619-101.git3890db36.el8_3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:0183", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "linux-firmware-0:20190516-96.git711d3297.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-01-19T00:00:00Z"}, {"advisory": "RHSA-2020:5416", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "linux-firmware-0:20191202-99.gite8a0f4c9.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2020-12-15T00:00:00Z"}], "bugzilla": {"description": "hardware: buffer overflow in bluetooth firmware", "id": "1893914", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893914"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-120", "details": ["Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.", "A flaw was found in the firmware of some Intel Bluetooth devices. This may allow an unauthenticated attacker within Bluetooth range to overflow a buffer and corrupt memory leading to a crash or privilege escalation."], "mitigation": {"lang": "en:us", "value": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.\nAlternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system."}, "name": "CVE-2020-12321", "public_date": "2020-11-10T13:55:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-12321\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12321\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403.html"], "threat_severity": "Important"}

{}