Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-12352

Severity: 6.5 MEDIUM
EPSS: 1.9% (top 16.73%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline:
Published: Nov 23
Latest update: Jan 27

Description

Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5 | bluez | See references
NVD | linux/linux_kernel | 5.4 | 5.4.72 | +2
Debian | linux | < 5.9.1-1 | +3
CVEListV5 | red_hat/kernel | kernel-4.18.0-240.el8

🔴 Vulnerability Details (12)

OSV: linux-xilinx-zynqmp vulnerabilities (2025-01-27)
OSV: linux-azure-5.15 vulnerabilities (2025-01-09)
OSV: linux-azure, linux-intel-iotg-5.15 vulnerabilities (2025-01-09)
OSV: linux-gke vulnerabilities (2025-01-07)
OSV: linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-hwe-5.15, linux-nvidia, linux-oracle, linux-raspi vulnerabilities (2025-01-06)

💥 Exploits & PoCs (1)

Exploit-DB: Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution (2021-04-08)

📋 Vendor Advisories (16)

Ubuntu: Linux kernel (Xilinx ZynqMP) vulnerabilities (2025-01-27)
Ubuntu: Linux kernel vulnerabilities (2025-01-09)
Ubuntu: Linux kernel (Azure) vulnerabilities (2025-01-09)
Ubuntu: Linux kernel (GKE) vulnerabilities (2025-01-07)
Ubuntu: Linux kernel (Intel IoTG) vulnerabilities (2025-01-06)

💬 Community (3)

Bugzilla: CVE-2020-25662 kernel: Red Hat only CVE-2020-12352 regression (2020-10-26)
Bugzilla: CVE-2020-12352 kernel: net: bluetooth: information leak when processing certain AMP packets [fedora-all] (2020-10-14)
Bugzilla: CVE-2020-12352 kernel: net: bluetooth: information leak when processing certain AMP packets (2020-10-08)