CVE-2020-12352 log

Source
Severity High
Remote Yes
Type Information disclosure
Description
An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.
Group Package Affected Fixed Severity Status Ticket
AVG-1251 linux-hardened 5.8.14.a-1 5.8.16.a-1 High Fixed
AVG-1250 linux-lts 5.4.71-1 5.4.72-1 High Fixed
AVG-1249 linux-zen 5.9.zen1-1 5.9.1.zen2-1 High Fixed
AVG-1248 linux 5.9.arch1-1 5.9.1.arch1-1 High Fixed
Date Advisory Group Package Severity Type
18 Oct 2020 ASA-202010-9 AVG-1251 linux-hardened High multiple issues
18 Oct 2020 ASA-202010-4 AVG-1250 linux-lts High multiple issues
18 Oct 2020 ASA-202010-3 AVG-1249 linux-zen High multiple issues
18 Oct 2020 ASA-202010-2 AVG-1248 linux High multiple issues
References
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/
https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq