CVE-2020-25662

CWE-284Improper Access ControlCWE-665CWE-200Information Exposure7 documents7 sources
Severity
6.5MEDIUM
EPSS
0.8%
top 26.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
RED HAT KernelRedhat Enterprise Linux
Timeline
PublishedNov 5
Latest updateMay 24

Description

A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages1 packages

CVEListV5red_hat/kernelkernel-4.18.0-240.el8

Also affects: Enterprise Linux 8.3

🔴Vulnerability Details

3
GHSA
GHSA-6v9p-cxvf-8f7v: A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of st2022-05-24
CVEList
CVE-2020-25662: A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of st2020-11-05
OSV
CVE-2020-25662: A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of st2020-11-05

📋Vendor Advisories

2
Red Hat
kernel: Red Hat only CVE-2020-12352 regression2020-11-03
Debian
CVE-2020-25662: linux - A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux ke...2020

💬Community

1
Bugzilla
CVE-2020-25662 kernel: Red Hat only CVE-2020-12352 regression2020-10-26