---

CVE-2020-12351 - log back

CVE-2020-12351 edited at 18 Oct 2020 12:55:12

Description

- Improper input validation in the BlueZ component of Linux before 5.10 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. + A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-12351 edited at 18 Oct 2020 12:54:48
References	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html + https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq + https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/

CVE-2020-12351 edited at 15 Oct 2020 07:41:07
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Privilege escalation
Description	+ Improper input validation in the BlueZ component of Linux before 5.10 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
References	+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
Notes

CVE-2020-12351 created at 15 Oct 2020 07:40:11