{"containers": {"cna": {"affected": [{"product": "BlueZ", "vendor": "n/a", "versions": [{"status": "affected", "version": "See references"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access."}], "problemTypes": [{"descriptions": [{"description": "escalation of privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-08T15:06:22", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2020-12351", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BlueZ", "version": {"version_data": [{"version_value": "See references"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "escalation of privilege"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351"}, {"name": "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:56:51.231Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2020-12351", "datePublished": "2020-11-23T16:15:38", "dateReserved": "2020-04-28T00:00:00", "dateUpdated": "2024-08-04T11:56:51.231Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08773B20-01AF-4061-8951-B595A37CFB4B", "versionEndExcluding": "4.9.240", "versionStartIncluding": "4.7.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E2D7A7E-D935-4817-8AE4-66DED8AA8A2D", "versionEndExcluding": "4.14.202", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "66F89D5B-1E6E-4A87-A6A1-A4B7C283657A", "versionEndExcluding": "4.19.152", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA6369D1-CCFF-4758-8837-FA53432ECB57", "versionEndExcluding": "5.4.72", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "24B20F22-E73D-4739-8952-F751BC0027A9", "versionEndExcluding": "5.8.16", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:-:*:*:*:*:*:*", "matchCriteriaId": "B2C150C3-165E-42D6-80D4-87B11340B08C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "21F51360-AF61-433B-9FD9-D7DE742FABF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AFF43A64-F1B2-49B5-9B1A-3C5287E30CC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "7CD5DFA0-15FB-44C2-8C2F-DCABACB998B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "DEA3DDD5-5114-44C0-8805-0A0579BB0034", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "573B49F4-C6E1-4032-B46F-70506FE98562", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "78F80706-7471-472D-B9A8-ABDB3C714B4B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "162E532B-A9E5-4483-B71E-E2D7EEBE3F33", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access."}, {"lang": "es", "value": "Una comprobaci\u00f3n de entrada incorrecta en BlueZ puede permitir a un usuario no autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso adyacente"}], "id": "CVE-2020-12351", "lastModified": "2024-11-21T04:59:33.433", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-23T17:15:12.250", "references": [{"source": "secure@intel.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html"}, {"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Andy Nguyen (Google) and Intel for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:4280", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.2.2.rt56.1134.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4276", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.2.2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4279", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-115.32.1.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4278", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "kernel-0:3.10.0-693.77.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4278", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "kernel-0:3.10.0-693.77.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4278", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "kernel-0:3.10.0-693.77.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4281", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "kernel-0:3.10.0-957.61.2.el7", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4277", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "kernel-0:3.10.0-1062.37.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-10-19T00:00:00Z"}, {"advisory": "RHSA-2020:4289", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-193.28.1.rt13.77.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4286", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-193.28.1.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4288", "cpe": "cpe:/o:redhat:rhel_e4s:8.0", "package": "kernel-0:4.18.0-80.30.1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4287", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "kernel-0:4.18.0-147.32.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-10-20T00:00:00Z"}, {"advisory": "RHSA-2020:4281", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "kernel-0:3.10.0-957.61.2.el7", "product_name": "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-19T00:00:00Z"}], "bugzilla": {"description": "kernel: net: bluetooth: type confusion while processing AMP packets", "id": "1886521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886521"}, "csaw": true, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-843", "details": ["Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.", "A flaw was found in the way the Linux kernel\u2019s Bluetooth implementation handled L2CAP (Logical Link Control and Adaptation Protocol) packets with A2MP (Alternate MAC-PHY Manager Protocol) CID (Channel Identifier). This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "mitigation": {"lang": "en:us", "value": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.\nAlternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system."}, "name": "CVE-2020-12351", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2020-10-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-12351\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12351\nhttps://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq\nhttps://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq\nhttps://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/\nhttps://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html\nhttps://www.zdnet.com/article/google-warns-of-severe-bleedingtooth-bluetooth-flaw-in-linux-kernel/"], "statement": "Red Hat Enterprise Linux 7 is affected starting with the Red Hat Enterprise Linux 7.4 GA kernel version 3.10.0-693 onward.\nFor Red Hat OpenShift Container Platform, while the cluster nodes may be running an underlying kernel that's affected by this flaw present, both virtual and physical hosts in a production environment will generally have the mitigation already in place of having Bluetooth hardware either not present, or not enabled.", "threat_severity": "Important"}