CVE-2020-12351
published 2020-11-05


Priority: P3 57 high
CVSS 3.1: 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EXPLOIT
EPSS: 7.69% (93.8th percentile)
A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Affected

21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 5.9.1-1 (bookworm) | linux 5.9.1-1 (bookworm) |
| debian | linux | | |
| linux | linux_kernel | | |
| linux | linux_kernel | | |
| linux | linux_kernel | >= 0 < 5.9.1-1 | 5.9.1-1 |
| linux | linux_kernel | >= 0 < 5.9.1-1 | 5.9.1-1 |
| linux | linux_kernel | >= 0 < 5.9.1-1 | 5.9.1-1 |
| linux | linux_kernel | >= 0 < 5.9.1-1 | 5.9.1-1 |
| linux | linux_kernel | >= 0 < 4.15.0-122.124 | 4.15.0-122.124 |
| linux | linux_kernel | >= 0 < 5.4.0-52.57 | 5.4.0-52.57 |
| linux | linux_kernel | >= 0 < 5.15.0-130.140 | 5.15.0-130.140 |
| linux | linux_kernel | >= 0 < 4.4.0-262.296 | 4.4.0-262.296 |
| linux | linux_kernel | >= 0 < 4.15.0-122.124 | 4.15.0-122.124 |
| linux | linux_kernel | >= 0 < 5.4.0-52.57 | 5.4.0-52.57 |
| linux | linux_kernel | >= 4.10 < 4.14.202 | 4.14.202 |
| linux | linux_kernel | >= 4.15 < 4.19.152 | 4.19.152 |
| linux | linux_kernel | >= 4.20 < 5.4.72 | 5.4.72 |
| linux | linux_kernel | >= 4.7.7 < 4.9.240 | 4.9.240 |
| linux | linux_kernel | >= 5.5 < 5.8.16 | 5.8.16 |
| red_hat | kernel | | |
| redhat | enterprise_linux | | |

CVSS provenance

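| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.8 | MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | LOW | |
| vendor_redhat | | 8.8 | HIGH | |
| vendor_ubuntu | | 8.8 | HIGH | |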