CVE-2020-24490 - log

CVE-2020-24490 edited at 18 Oct 2020 13:43:15
Description
- A heap buffer overflow flaw was found in the way the Linux kernel’s Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability
+ A heap buffer overflow flaw was found in the way the Linux kernel’s Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2020-24490 edited at 18 Oct 2020 12:55:59
Description
- Improper buffer restrictions in the BlueZ component of Linux before 5.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
+ A heap buffer overflow flaw was found in the way the Linux kernel’s Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability
References
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
+ https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649
+ https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e
CVE-2020-24490 edited at 15 Oct 2020 07:42:06
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ Improper buffer restrictions in the BlueZ component of Linux before 5.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
References
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
Notes
CVE-2020-24490 created at 15 Oct 2020 07:40:11