AVG-1248 log

Package linux
Status Fixed
Severity High
Type multiple issues
Affected 5.9.arch1-1
Fixed 5.9.1.arch1-1
Current 6.11.6.arch1-1 [core]
Ticket None
Created Thu Oct 15 07:40:11 2020
Issue Severity Remote Type Description
CVE-2020-24490 Medium Yes Denial of service 
A heap buffer overflow flaw was found in the way the Linux kernel’s Bluetooth implementation processed extended advertising report events. This flaw allows...
CVE-2020-12352 High Yes Information disclosure 
An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain...
CVE-2020-12351 High Yes Privilege escalation 
A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use...
Date Advisory Package Type
18 Oct 2020 ASA-202010-2 linux multiple issues
References 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
Notes 
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e
https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/
https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/
https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-3-luiz.dentz@gmail.com/
https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-4-luiz.dentz@gmail.com/