PT-2020-4305 · Linux+6 · Linux Kernel+6

Andy Nguyen · Published 2020-09-25 · Updated 2025-01-27 · CVE-2020-12352

CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: BlueZ (affected versions not specified); Linux kernel (affected versions not specified)
Description: The issue is related to improper access control in BlueZ and a vulnerability in the Linux kernel's net/bluetooth/a2mp.c component, which lacks protection of service data. This could allow an unauthenticated user or a remote attacker to potentially enable information disclosure via adjacent access or by using specially crafted AMP packets.
Recommendations: For BlueZ, there is currently no information about a newer version that contains a fix for this vulnerability. For the Linux kernel, consider restricting access to the net/bluetooth/a2mp.c component to minimize the risk of exploitation until a patch is available.

Exploit

Improper Access Control

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2020-04798
CESA-2020_4286
CESA-2020_4289
CVE-2020-12352
DLA-2417-1
DLA-2420-1
DLA-2420-2
DSA-4774-1
LSN-0073-1
LSN-0074-1
MGASA-2020-0392
OESA-2021-1003
OPENSUSE-SU-2020:1682-1
OPENSUSE-SU-2020:1698-1
OPENSUSE-SU-2020:2112-1
OPENSUSE-SU-2020_1682-1
OPENSUSE-SU-2020_1698-1
OPENSUSE-SU-2020_2112-1
OPENSUSE-SU-2021:0242-1
OPENSUSE-SU-2021_0242-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2020:4276
RHSA-2020:4277
RHSA-2020:4278
RHSA-2020:4279
RHSA-2020:4280
RHSA-2020:4281
RHSA-2020:4286
RHSA-2020:4287
RHSA-2020:4288
RHSA-2020:4289
RHSA-2020:4685
RHSA-2020:4686
RHSA-2020:4990
RHSA-2020:4991
RHSA-2020_4276
RHSA-2020_4280
RHSA-2020_4286
RHSA-2020_4289
SUSE-FU-2022:4496-1
SUSE-SU-2020:2972-1
SUSE-SU-2020:2980-1
SUSE-SU-2020:2981-1
SUSE-SU-2020:3281-1
SUSE-SU-2020:3484-1
SUSE-SU-2020:3491-1
SUSE-SU-2020:3501-1
SUSE-SU-2020:3503-1
SUSE-SU-2020:3512-1
SUSE-SU-2020:3513-1
SUSE-SU-2020:3522-1
SUSE-SU-2020:3532-1
SUSE-SU-2020:3544-1
USN-4591-1
USN-4592-1
USN-4657-1
USN-7179-1
USN-7179-2
USN-7179-3
USN-7179-4
USN-7183-1
USN-7186-1
USN-7186-2
USN-7194-1

Affected Products

BlueZ
CentOS
Linux Mint
Linux Kernel
Red Hat
SUSE
Ubuntu