PT-2020-4306 · Linux · Linux Kernel

Published: 2020-07-30 · Updated: 2025-01-27 · CVE-2020-24490

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: BlueZ (affected versions not specified); Linux kernel versions that support BlueZ

Description: The issue is related to improper buffer restrictions in BlueZ, which may allow an unauthenticated user to potentially enable denial of service via adjacent access. It is also associated with a buffer overflow in dynamic memory, which could allow a remote attacker to execute arbitrary code or cause a denial of service using specially crafted L2CAP packets.

Recommendations: For Linux kernel versions that support BlueZ, consider disabling BlueZ functionality until a patch is available. As a temporary workaround, restrict access to the hci_event.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Heap Based Buffer Overflow

Improper Access Control

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2020-04799
CESA-2020_4685
CESA-2020_4686
CVE-2020-24490
DLA-2420-1
DLA-2420-2
LSN-0073-1
MGASA-2020-0392
OPENSUSE-SU-2020:1698-1
OPENSUSE-SU-2020:2112-1
OPENSUSE-SU-2020_1698-1
OPENSUSE-SU-2020_2112-1
OPENSUSE-SU-2021:0242-1
OPENSUSE-SU-2021_0242-1
RHSA-2020:4685
RHSA-2020:4686
RHSA-2020_4685
RHSA-2020_4686
SUSE-FU-2022:4496-1
SUSE-SU-2020:2980-1
SUSE-SU-2020:3389-1
SUSE-SU-2020:3491-1
SUSE-SU-2020:3522-1
USN-4592-1
USN-4752-1
USN-7179-1
USN-7179-2
USN-7179-3
USN-7179-4
USN-7183-1
USN-7186-1
USN-7186-2
USN-7194-1

Affected Products

BlueZ
CentOS
Linux Mint
Linux Kernel
Red Hat
SUSE
Ubuntu