CVE-2020-12351
published 2020-11-05CVE-2020-12351: A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw…
PriorityP357high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
EXPLOIT
EPSS
7.69%
93.8th percentile
A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 5.9.1-1 (bookworm) | linux 5.9.1-1 (bookworm) |
| debian | linux | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.9.1-1 | 5.9.1-1 |
| linux | linux_kernel | >= 0 < 5.9.1-1 | 5.9.1-1 |
| linux | linux_kernel | >= 0 < 5.9.1-1 | 5.9.1-1 |
| linux | linux_kernel | >= 0 < 5.9.1-1 | 5.9.1-1 |
| linux | linux_kernel | >= 0 < 4.15.0-122.124 | 4.15.0-122.124 |
| linux | linux_kernel | >= 0 < 5.4.0-52.57 | 5.4.0-52.57 |
| linux | linux_kernel | >= 0 < 5.15.0-130.140 | 5.15.0-130.140 |
| linux | linux_kernel | >= 0 < 4.4.0-262.296 | 4.4.0-262.296 |
| linux | linux_kernel | >= 0 < 4.15.0-122.124 | 4.15.0-122.124 |
| linux | linux_kernel | >= 0 < 5.4.0-52.57 | 5.4.0-52.57 |
| linux | linux_kernel | >= 4.10 < 4.14.202 | 4.14.202 |
| linux | linux_kernel | >= 4.15 < 4.19.152 | 4.19.152 |
| linux | linux_kernel | >= 4.20 < 5.4.72 | 5.4.72 |
| linux | linux_kernel | >= 4.7.7 < 4.9.240 | 4.9.240 |
| linux | linux_kernel | >= 5.5 < 5.8.16 | 5.8.16 |
| red_hat | kernel | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.8MEDIUMAV:A/AC:L/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8LOW
vendor_redhat8.8HIGH
vendor_ubuntu8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities
vendor_ubuntu·2025-01-27·CVSS 8.8
CVE-2024-43904 [HIGH] Linux kernel (Xilinx ZynqMP) vulnerabilities
Title: Linux kernel (Xilinx ZynqMP) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leadi
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-01-09·CVSS 8.8
CVE-2024-50006 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-bas
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2025-01-09·CVSS 8.8
CVE-2024-50006 [HIGH] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a
Ubuntu
Linux kernel (GKE) vulnerabilities
vendor_ubuntu·2025-01-07·CVSS 8.8
CVE-2024-43904 [HIGH] Linux kernel (GKE) vulnerabilities
Title: Linux kernel (GKE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a he
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities
vendor_ubuntu·2025-01-06·CVSS 8.8
CVE-2024-49927 [HIGH] Linux kernel (Intel IoTG) vulnerabilities
Title: Linux kernel (Intel IoTG) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-01-06·CVSS 8.8
CVE-2024-43904 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-bas
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-01-06·CVSS 8.8
CVE-2024-53057 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-bas
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2024-12-20·CVSS 8.8
CVE-2020-24490 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-bas
Red Hat
kernel: Red Hat only CVE-2020-12351 regression
vendor_redhat·2020-11-03·CVSS 8.8
CVE-2020-25661 [HIGH] CWE-843 kernel: Red Hat only CVE-2020-12351 regression
kernel: Red Hat only CVE-2020-12351 regression
A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary
Ubuntu
Kernel Live Patch Security Notice
vendor_ubuntu·2020-10-23·CVSS 8.8
CVE-2020-24490 [HIGH] Kernel Live Patch Security Notice
Title: Kernel Live Patch Security Notice
Summary: Several security issues were fixed in the kernel.
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-base
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2020-10-20·CVSS 8.8
CVE-2020-12351 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-bas
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2020-10-19·CVSS 8.8
CVE-2020-12352 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel u
Red Hat
kernel: net: bluetooth: type confusion while processing AMP packets
vendor_redhat·2020-10-14·CVSS 8.8
CVE-2020-12351 [HIGH] CWE-843 kernel: net: bluetooth: type confusion while processing AMP packets
kernel: net: bluetooth: type confusion while processing AMP packets
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP (Logical Link Control and Adaptation Protocol) packets with A2MP (Alternate MAC-PHY Manager Protocol) CID (Channel Identifier). This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Statement: Red Hat Enterprise Linux 7 is affected starting
Debian
CVE-2020-12351: linux - Improper input validation in BlueZ may allow an unauthenticated user to potentia...
vendor_debian·2020·CVSS 8.8
CVE-2020-12351 [HIGH] CVE-2020-12351: linux - Improper input validation in BlueZ may allow an unauthenticated user to potentia...
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
Scope: local
bookworm: resolved (fixed in 5.9.1-1)
bullseye: resolved (fixed in 5.9.1-1)
forky: resolved (fixed in 5.9.1-1)
sid: resolved (fixed in 5.9.1-1)
trixie: resolved (fixed in 5.9.1-1)
Debian
CVE-2020-25661: linux - A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux ke...
vendor_debian·2020·CVSS 8.8
CVE-2020-25661 [HIGH] CVE-2020-25661: linux - A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux ke...
A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
OSV
linux-xilinx-zynqmp vulnerabilities
osv·2025-01-27·CVSS 8.8
CVE-2020-12351 [HIGH] linux-xilinx-zynqmp vulnerabilities
linux-xilinx-zynqmp vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could u
OSV
linux-azure, linux-intel-iotg-5.15 vulnerabilities
osv·2025-01-09·CVSS 8.8
CVE-2020-12351 [HIGH] linux-azure, linux-intel-iotg-5.15 vulnerabilities
linux-azure, linux-intel-iotg-5.15 vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
a
OSV
linux-azure-5.15 vulnerabilities
osv·2025-01-09·CVSS 8.8
CVE-2020-12351 [HIGH] linux-azure-5.15 vulnerabilities
linux-azure-5.15 vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could use
OSV
linux-gke vulnerabilities
osv·2025-01-07·CVSS 8.8
CVE-2020-12351 [HIGH] linux-gke vulnerabilities
linux-gke vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could use this to
OSV
linux-intel-iotg vulnerabilities
osv·2025-01-06·CVSS 8.8
CVE-2020-12351 [HIGH] linux-intel-iotg vulnerabilities
linux-intel-iotg vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could use
OSV
linux, linux-lts-xenial vulnerabilities
osv·2025-01-06·CVSS 8.8
CVE-2020-12351 [HIGH] linux, linux-lts-xenial vulnerabilities
linux, linux-lts-xenial vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker cou
OSV
linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-hwe-5.15, linux-nvidia, linux-oracle, linux-raspi vulnerabilities
osv·2025-01-06·CVSS 8.8
CVE-2020-12351 [HIGH] linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-hwe-5.15, linux-nvidia, linux-oracle, linux-raspi vulnerabilities
linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-hwe-5.15, linux-nvidia, linux-oracle, linux-raspi vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain size
OSV
linux, linux-gkeop, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15 vulnerabilities
osv·2024-12-20·CVSS 8.8
CVE-2020-12351 [HIGH] linux, linux-gkeop, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15 vulnerabilities
linux, linux-gkeop, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15 vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of c
GHSA
GHSA-5jpw-97pv-5g28: A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2020-25661 [HIGH] CWE-843 GHSA-5jpw-97pv-5g28: A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID
A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
OSV
CVE-2020-12351: Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access
osv·2020-11-23·CVSS 8.8
CVE-2020-12351 [HIGH] CVE-2020-12351: Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
OSV
CVE-2020-25661: A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID
osv·2020-11-05·CVSS 8.8
CVE-2020-25661 [HIGH] CVE-2020-25661: A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID
A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
OSV
Kernel Live Patch Security Notice
osv·2020-10-23·CVSS 8.8
CVE-2020-12351 [HIGH] Kernel Live Patch Security Notice
Kernel Live Patch Security Notice
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could use
OSV
linux-oem-osp1, linux-raspi2-5.3 vulnerabilities
osv·2020-10-20·CVSS 8.8
CVE-2020-12351 [HIGH] linux-oem-osp1, linux-raspi2-5.3 vulnerabilities
linux-oem-osp1, linux-raspi2-5.3 vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
att
OSV
linux, linux-hwe, linux-hwe-5.4, linux-oem, linux-raspi, linux-raspi-5.4, linux-snapdragon vulnerabilities
osv·2020-10-19·CVSS 8.8
CVE-2020-12351 [HIGH] linux, linux-hwe, linux-hwe-5.4, linux-oem, linux-raspi, linux-raspi-5.4, linux-snapdragon vulnerabilities
linux, linux-hwe, linux-hwe-5.4, linux-oem, linux-raspi, linux-raspi-5.4, linux-snapdragon vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
No detection rules found.
Bugzilla
CVE-2020-25661 kernel: Red Hat only CVE-2020-12351 regression
bugzilla·2020-10-26·CVSS 8.8
CVE-2020-25661 [HIGH] CVE-2020-25661 kernel: Red Hat only CVE-2020-12351 regression
CVE-2020-25661 kernel: Red Hat only CVE-2020-12351 regression
This is a CVE-2020-12351 regression that only affects Red Hat Enterprise Linux 8.3 GA kernel version kernel-4.18.0-240.el8 (and any kernel derived from this release such as kernel rt-4.18.0-240.rt7.54.el8).
CVE-2020-12351 description follows:
A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet.
Discussion:
Statement:
This issue only affects the Linux kernel version as shipped with the Red Hat Enterprise Linux 8.3 GA release, kernel-4.18.0-240.el8 (and any kernel derived from
Bugzilla
CVE-2020-12351 kernel: net: bluetooth: type confusion while processing AMP packets [fedora-all]
bugzilla·2020-10-14·CVSS 8.8
CVE-2020-12351 [HIGH] CVE-2020-12351 kernel: net: bluetooth: type confusion while processing AMP packets [fedora-all]
CVE-2020-12351 kernel: net: bluetooth: type confusion while processing AMP packets [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple
Bugzilla
CVE-2020-12351 kernel: net: bluetooth: type confusion while processing AMP packets
bugzilla·2020-10-08·CVSS 8.8
CVE-2020-12351 [HIGH] CVE-2020-12351 kernel: net: bluetooth: type confusion while processing AMP packets
CVE-2020-12351 kernel: net: bluetooth: type confusion while processing AMP packets
A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet.
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1888439]
---
Acknowledgments:
Name: Andy Nguyen (Google), Intel
---
Statement:
Red Hat Enterprise Linux 7 is affected starting with the Red Hat Enterprise Linux 7.4 GA kernel version 3.10.0-693 onward.
For Red Hat OpenShift Container Platform, while the cluster nodes may be running an underlying kernel that's affecte
https://access.redhat.com/security/cve/CVE-2020-12351https://access.redhat.com/security/vulnerabilities/BleedingToothhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25661https://access.redhat.com/security/cve/CVE-2020-12351https://access.redhat.com/security/vulnerabilities/BleedingToothhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25661
2020-11-05
Published