CVE-2020-24490
kernel: net: bluetooth: heap buffer overflow when processing extended advertising report events
Public Exploits: 1
Exploited in Wild: -
Descriptions
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.
A heap buffer overflow flaw was found in the way the Linux kernel’s Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
Timeline
- 2020-08-19 CVE Reserved
- 2020-10-19 CVE Published
- 2024-04-29 First Exploit
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-122: Heap-based Buffer Overflow
References (5)
URL | Date |
---|---|
https://github.com/AbrarKhan/linux_CVE-2020-24490-beforePatch | 2024-04-29 |
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html | 2021-07-21 |
https://access.redhat.com/security/cve/CVE-2020-24490 | 2020-11-04 |
https://bugzilla.redhat.com/show_bug.cgi?id=1888449 | 2020-11-04 |
https://access.redhat.com/security/vulnerabilities/BleedingTooth | 2020-11-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Bluez | Bluez | - | - | Affected | in | Linux | Linux Kernel | >= 4.19 < 4.19.137 | - | Safe |
Bluez | Bluez | - | - | Affected | in | Linux | Linux Kernel | >= 4.20 < 5.4.56 | - | Safe |
Bluez | Bluez | - | - | Affected | in | Linux | Linux Kernel | >= 5.5.0 < 5.7.13 | - | Safe |