SUSE: Security Advisory (SUSE-SU-2020:2980-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Kernel Bug Opens Door to Wider Cyberattacks

An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices. Specifically, the bug CVE-2020-28588 exists in the /proc/pid/syscall functionality of 32-bit ARM devices running...

SUSE: Security Advisory (SUSE-SU-2020:2981-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Kernel 5.4 BleedingTooth Remote Code Execution

/ BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution by Andy Nguyen theflow@ This Proof-Of-Concept demonstrates the exploitation of CVE-2020-12351 and CVE-2020-12352. Compile using: $ gcc -o exploit exploit.c -lbluetooth and execute as: $ sudo ./exploit targetmac sourceip sourceport ...

Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution

Exploit Title: Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution Date: 06/04/2020 Exploit Author: Google Security Research Andy Nguyen Tested on: 5.4.0-48-generic 52-Ubuntu SMP Thu Sep 10 10:58:49 UTC 2020 x8664 x8664 x8664 GNU/Linux CVE : CVE-2020-12351, CVE-2020-1235...

SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3532-1)

The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various security and bug fixes. The following security bugs were fixed : CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote...

SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2981-1)

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' bsc1177724. CVE-2020-12352: Fixed an information leak when...

SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3513-1)

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bug fixes. The following security bugs were fixed : CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remot...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2972-1)

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' bsc1177724. CVE-2020-12352: Fixed an information leak when...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2980-1)

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' bsc1177724. CVE-2020-24490: Fixed a heap buffer overflow wh...

openSUSE Security Update : the Linux Kernel (openSUSE-2020-2112)

The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' bsc1177724. - CVE-2020-24490: Fixed a heap buffer overflow when...

SUSE-SU-2020:3402-1 Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-2412 fixes several issues. The following security issues were fixed: - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' bsc1177724, bsc1177729, bsc1178397. - CVE-2020-25645: Fixed an an issue in IPsec th...

openSUSE: Security Advisory for the (openSUSE-SU-2020:1698-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

RHEL 7 : kernel (RHSA-2020:4281)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4281 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: bluetooth: type confusion...

openSUSE Security Update : the Linux Kernel (openSUSE-2020-1698)

The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' bsc1177724. - CVE-2020-24490: Fixed a heap buffer overflow when...

RHEL 7 : kernel-rt (RHSA-2020:4280)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4280 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

Security update for the Linux Kernel (important)

openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2020:1698-1 Rating: important References: 1065600 1065729 1155798 1165692 1168468 1171675 1171688 1174003 1174098 1175599 1175621 1175718 1175807 1176019 1176381 1176400 1176588 1176907 1176979 1177090...

Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices

Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices. According to security engineer Andy Nguyen, the...

Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices

Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices. According to security engineer Andy Nguyen, the...

Fedora 31 : kernel (2020-ad980d282f)

This update contains patches for the BleedingTooth CVEs. ---- The 5.8.15 stable kernel update contains a number of important fixes across the tree. ---- The 5.8.14 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the...