Zero-Click Bluetooth Flaws In Linux Devices Identified By Google

Security researchers at Google are warning of a new zero-click vulnerability found within the Linux Bluetooth software stack that would allow nearby, unauthenticated, remote attackers the ability to execute arbitrary code – with kernel privileges.

What this means is that the attacker would have full control to do just about anything they wanted if within range.

According to Security Engineer Andy Nguyen three flaws which are used together are called BleedingTooth. This exploit resides in the open-source BlueZ protocol stack which supports many of the core Bluetooth layers used in Linux-based devices such as IoT devices, mobile devices and laptops.

“A remote attacker in short distance knowing the victim’s [Bluetooth device] address can send a malicious l2cap packet and cause denial of service or possibly arbitrary code execution with kernel privileges… Malicious Bluetooth chips can trigger the vulnerability as well.”

Google Securityhttps://security.googleblog.com/

The most severe CVE ( CVE-2020-12351, CVSS score 8.3 ) is a heap-based type confusion affecting Linux kernel 4.8 and higher. This is generally present in Logical Link Control and Adaptation Protocol ( L2CAP ) of the Bluetooth standard. This provides multiplexing of data between other, higher layer protocols.

The second unpatched vulnerability ( CVE-2020-12352 ) concerns a stack-based information disclosure flaw affecting Linux kernel 3.6 and higher.

A change from 2012 on the core Alternate MAC-PHY Manager Protocol ( A2MP ) which is a high-speed transport link used within the Bluetooth HS ( High Speed ) to enable the transfer of larger amounts of data. The exploit allows an attacker – within close proximity to the device – the ability to retrieve kernel stack information and then using it to predict the memory layout and overcome address space layout randomization ( KASLR ).

The third and last flaw, (CVE-2020-24490) discovered in HCI (Host Controller Interface), a standardized Bluetooth interface used for sending commands, receiving events, and for transmitting data, is a heap-based buffer overflow impacting Linux kernel 4.19 and higher, causing a nearby remote attacker to “cause denial of service or possibly arbitrary code execution with kernel privileges on victim machines if they are equipped with Bluetooth 5 chips and are in scanning mode.”

“Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure… BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities.”

Intel

• About
• Latest Posts

David

I have been in the Information Technology industry for a little over a decade gaining a Bachelors degree in Information System Security and securing employment with various industries including Government, Financial, Healthcare, Corporate and the End User sectors.
I started Your Digital Mind in 2016as a way to share my love for Education, Technology and Science in an entertaining yet rewarding format. I hope you are learning and enjoying!

Latest posts by David (see all)

• iOS 16.4.1— Urgent Update Recommended - April 10, 2023
• SAML – What The Heck Is Security Assertion Markup Language? - April 6, 2023
• Employees Sharing Sensitive Business Data with ChatGPT Raises Security Concerns - March 30, 2023