CVE-2020-24490

kernel: net: bluetooth: heap buffer overflow when processing extended advertising report events

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.

Unas restricciones de búfer inapropiadas en BlueZ pueden permitir a un usuario no autenticado habilitar potencialmente la denegación de servicio por medio de un acceso adyacente. Esto afecta a todas las versiones del kernel de Linux que admiten BlueZ

A heap buffer overflow flaw was found in the way the Linux kernel’s Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

*Credits: N/A

CVSS Scores

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-08-19 CVE Reserved
2020-10-20 CVE Published
2023-10-19 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-122: Heap-based Buffer Overflow

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html	2021-07-21

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2020-24490	2020-11-04
https://bugzilla.redhat.com/show_bug.cgi?id=1888449	2020-11-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bluez Search vendor "Bluez"	Bluez Search vendor "Bluez" for product "Bluez"	-	-	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 4.19 < 4.19.137 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 4.19.137"	-	Safe
Bluez Search vendor "Bluez"	Bluez Search vendor "Bluez" for product "Bluez"	-	-	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 4.20 < 5.4.56 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.56"	-	Safe
Bluez Search vendor "Bluez"	Bluez Search vendor "Bluez" for product "Bluez"	-	-	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 5.5.0 < 5.7.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5.0 < 5.7.13"	-	Safe