USN-4591-1

Details

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351)

Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352)

Affected Packages

Ubuntu:16.04:LTSlinux-hwe

Fixed in:

4.15.0-122.124~16.04.1

Ubuntu:18.04:LTSlinux

Fixed in:

4.15.0-122.124

Ubuntu:18.04:LTSlinux-hwe-5.4

Fixed in:

5.4.0-52.57~18.04.1

Ubuntu:18.04:LTSlinux-oem

Fixed in:

4.15.0-1100.110

Ubuntu:18.04:LTSlinux-raspi-5.4

Fixed in:

5.4.0-1022.25~18.04.1

Ubuntu:18.04:LTSlinux-snapdragon

Fixed in:

4.15.0-1090.99

Ubuntu:20.04:LTSlinux

Fixed in:

5.4.0-52.57

Ubuntu:20.04:LTSlinux-raspi

Fixed in:

5.4.0-1022.25

References

REPORThttps://ubuntu.com/security/CVE-2020-12351 REPORThttps://ubuntu.com/security/CVE-2020-12352 ADVISORYhttps://ubuntu.com/security/notices/USN-4591-1

USN-4591-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline