exploitDog

CVE-2020-36386

Published: 10 Jul 2020
Source: redhat
CVSS3: 7.1
EPSS: Low

Description

An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.

An out-of-bounds memory access flaw was found in the Linux kernel Bluetooth subsystem, in the way data about a Bluetooth device is read by the hci_extended_inquiry_result_evt call. A local user could use this flaw to crash the system or to read data beyond memory bounds, which can lead to a data confidentiality threat.

Statement

This flaw is rated as having a Moderate impact because, even though the data read out of memory bounds is written to a cache, it was already known that this data comes from an unsafe source, and as a result nothing sensitive depends on this data.

Mitigation

To mitigate this issue, prevent the bluetooth module from being loaded (if Bluetooth is not required for the system). Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 7 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Out of support scope | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Will not fix | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2021:4140 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2021:4356 | 09.11.2021 |

Additional information

Status: Moderate
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1969489 - kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c

EPSS: 0.00054 (Low), percentile: 17%

CVSS3: 7.1 High

Related vulnerabilities

CVSS3: 7.1
ubuntu
about 4 years ago

An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.

CVSS3: 7.1
nvd
about 4 years ago

An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.

CVSS3: 7.1
debian
about 4 years ago

An issue was discovered in the Linux kernel before 5.8.1. net/bluetoot ...

github
about 3 years ago

An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.

CVSS3: 7.1
fstec
about 5 years ago

A vulnerability in the net/bluetooth/hci_event.c component of the Linux operating system kernel that allows an attacker to cause a denial of service
