Intel Security Center: INTEL-SA-00403
Nov 10, 2020 - 12:00 a.m.

Intel® Wireless Bluetooth® Advisory


Summary:

Potential security vulnerabilities in some Intel® Wireless Bluetooth® products may allow escalation of privilege or denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-12321

Description: Improper buffer restriction in some Intel® Wireless Bluetooth® products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 9.6 Critical

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-12322

Description: Improper input validation in some Intel® Wireless Bluetooth® products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

Intel® Wireless Bluetooth® products:

Intel® Wi-Fi 6 AX201
Intel® Wi-Fi 6 AX200
Intel® Wireless-AC 9560
Intel® Wireless-AC 9462
Intel® Wireless-AC 9461
Intel® Wireless-AC 9260
Intel® Dual Band Wireless-AC 8265
Intel® Dual Band Wireless-AC 8260
Intel® Dual Band Wireless-AC 3168
Intel® Wireless 7265 (Rev D) Family
Intel® Dual Band Wireless-AC 3165

Recommendations:

Intel recommends updating affected Intel® Wireless Bluetooth® products to version 21.110 or later.

Windows* OS:

For Windows* 10, updates are available for download at this location:

<https://www.intel.com/content/www/us/en/support.html>

Customers can also download the latest available firmware from the Intel Customer Support site here.

Linux OS:

Only CVE-2020-12321 impacts Linux. This CVE is addressed in the Intel® Wireless Bluetooth® firmware version 21.110 for Linux.

Intel® Wireless Bluetooth® firmware to mitigate these vulnerabilities was upstreamed to Linux before November 10th, 2020.

Consult the regular Open Source channels to obtain this update.

Chrome OS:

Only CVE-2020-12321 impacts Chrome OS. This CVE is addressed in the Intel® Wireless Bluetooth® firmware version 21.110 for Chromium.

Intel® Wireless Bluetooth® firmware to mitigate these vulnerabilities has been upstreamed to Chromium.

For any Google Chrome OS solution and schedule, please contact Google directly.

Acknowledgements:

Intel would like to thank Denis Straghkov at the Institute for System Programming. V.P. Ivannikov RAS for reporting CVE-2020-12321 and the researchers at Singapore University of Technology and Design for reporting CVE-2020-12322.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.