CVE-2020-36386

kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c

Severity Score

7.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.

Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.8.1. El archivo net/bluetooth/hci_event.c presenta una lectura fuera de límites en la función hci_extended_inquiry_result_evt, también se conoce como CID-51c19bf3d5cf

A flaw out of bounds memory access in the Linux kernel bluetooth subsystem was found in the way when some data being read about the bluetooth device with the hci_extended_inquiry_result_evt call. A local user could use this flaw to crash the system or read some data out of memory bounds that can lead to data confidentiality threat.

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, bypass, denial of service, double free, heap overflow, information leakage, null pointer, out of bounds read, and use-after-free vulnerabilities.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-06-07 CVE Reserved
2021-06-07 CVE Published
2024-08-04 CVE Updated
2024-08-04 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (7)

URL	Tag	Source

URL	Date	SRC
https://syzkaller.appspot.com/text?tag=ReproC&x=15ca2f46900000	2024-08-04

URL	Date	SRC
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.1	2021-07-06
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51c19bf3d5cfaa66571e4b88ba2a6f6295311101	2021-07-06
https://sites.google.com/view/syzscope/kasan-slab-out-of-bounds-read-in-hci_extended_inquiry_result_evt	2021-07-06
https://syzkaller.appspot.com/bug?id=4bf11aa05c4ca51ce0df86e500fce486552dc8d2	2021-07-06

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2020-36386	2021-11-09
https://bugzilla.redhat.com/show_bug.cgi?id=1969489	2021-11-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.8.1 Search vendor "Linux" for product "Linux Kernel" and version " < 5.8.1"		-		Affected