Description
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
A flaw was found in the Linux kernel's implementation of Logical Link Control and Adaptation Protocol (L2CAP), part of the Bluetooth stack. An attacker, within the range of standard Bluetooth transmissions, can create and send a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.
Mitigation
- Disable the Bluetooth hardware in the BIOS.
- Prevent loading of the Bluetooth kernel modules.
- Disable the Bluetooth connection by putting the system in "airport" mode.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | kernel | Will not fix | | |
Red Hat Enterprise Linux 6 | kernel | Will not fix | | |
Red Hat Enterprise MRG 2 | kernel-rt | Will not fix | | |
Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2019:2043 | 07.08.2019 |
Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2019:2029 | 06.08.2019 |
Red Hat Enterprise Linux 7 | kernel-alt | Fixed | RHSA-2020:0740 | 09.03.2020 |
Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2019:3309 | 05.11.2019 |
Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2019:3517 | 05.11.2019 |
Additional information
Status:
5.3 Medium
CVSS3
Related vulnerabilities
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
An information disclosure vulnerability in the L2CAP_GET_CONF_OPT function of the Linux kernel that allows an attacker to gain access to confidential data
5.3 Medium
CVSS3