Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-24490
HistoryOct 14, 2020 - 12:00 a.m.

CVE-2020-24490

2020-10-1400:00:00
ubuntu.com
ubuntu.com
25
bluez
buffer restrictions
cve-2020-24490
denial of service
linux kernel
unauthenticated access
sbeattie
ubuntu 20.04
kernel vulnerability

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

26.7%

Improper buffer restrictions in BlueZ may allow an unauthenticated user to
potentially enable denial of service via adjacent access. This affects all
Linux kernel versions that support BlueZ.

Notes

Author Note
sbeattie This issue affected kernels 4.18 and later; as such Ubuntu 20.04’s 5.4 kernel was fixed around 2020/09/21, before the advisory was issued. it is asserted that b2cc9761f144e8ef714be8c590603073b80ddc13 made the vulnerability accessible.
sbeattie it’s not clear if https://lore.kernel.org/linux-bluetooth/[email protected]/ is needed as well.
OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux<Β 5.4.0-48.52UNKNOWN
ubuntu18.04noarchlinux-hwe-5.4<Β 5.4.0-48.52~18.04.1UNKNOWN
ubuntu20.04noarchlinux-oem-5.6<Β 5.6.0-1048.52UNKNOWN
ubuntu18.04noarchlinux-oem-osp1<Β 5.0.0-1070.76UNKNOWN
ubuntu20.04noarchlinux-raspi<Β 5.4.0-1019.21UNKNOWN
ubuntu18.04noarchlinux-raspi-5.4<Β 5.4.0-1019.21~18.04.1UNKNOWN
ubuntu18.04noarchlinux-raspi2-5.3<Β 5.3.0-1036.38UNKNOWN
ubuntu20.04noarchlinux-riscv<Β 5.4.0-34.38UNKNOWN

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

26.7%