Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-12351

CWE-20 — Improper Input Validation CWE-84332 documents8 sources

Severity

8.8HIGH

EPSS

2.7%

top 14.07%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Linux Kernel RED HAT Kernel

Timeline

PublishedNov 23

Latest updateJan 27

Description

Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages34 packages

▶CVEListV5bluezSee references

▶NVDlinux/linux_kernel4.7.7 — 4.9.240+6

▶Debianlinux< 5.9.1-1+3

▶Ubuntulinux< 4.15.0-122.124+5

▶Ubuntulinux-hwe< 4.15.0-122.124~16.04.1

🔴Vulnerability Details

OSV

linux-xilinx-zynqmp vulnerabilities↗2025-01-27

▶

OSV

linux-azure, linux-intel-iotg-5.15 vulnerabilities↗2025-01-09

▶

OSV

linux-azure-5.15 vulnerabilities↗2025-01-09

▶

OSV

linux-gke vulnerabilities↗2025-01-07

▶

OSV

linux-intel-iotg vulnerabilities↗2025-01-06

▶

💥Exploits & PoCs

Exploit-DB

Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution↗2021-04-08

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Xilinx ZynqMP) vulnerabilities↗2025-01-27

▶

Ubuntu

Linux kernel vulnerabilities↗2025-01-09

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2025-01-09

▶

Ubuntu

Linux kernel (GKE) vulnerabilities↗2025-01-07

▶

Ubuntu

Linux kernel (Intel IoTG) vulnerabilities↗2025-01-06

▶

💬Community

Bugzilla

CVE-2020-25661 kernel: Red Hat only CVE-2020-12351 regression↗2020-10-26

▶

Bugzilla

CVE-2020-12351 kernel: net: bluetooth: type confusion while processing AMP packets [fedora-all]↗2020-10-14

▶

Bugzilla

CVE-2020-12351 kernel: net: bluetooth: type confusion while processing AMP packets↗2020-10-08

▶