CVE-2020-12352 - log

CVE-2020-12352 edited at 18 Oct 2020 13:43:10
Description
- An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality
+ An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.
CVE-2020-12352 edited at 18 Oct 2020 12:56:23
Description
- Improper access control in the BlueZ component of Linux before 5.10 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
+ An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality
References
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
+ https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/
+ https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq
CVE-2020-12352 edited at 15 Oct 2020 07:41:43
Description
- mproper access control in the BlueZ component of Linux before 5.10 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
+ Improper access control in the BlueZ component of Linux before 5.10 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
CVE-2020-12352 edited at 15 Oct 2020 07:41:32
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ mproper access control in the BlueZ component of Linux before 5.10 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
References
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
Notes
CVE-2020-12352 created at 15 Oct 2020 07:40:11