UBUNTU-CVE-2020-12351
Vulnerability Summary
Description
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Metrics
- v3.1 • HIGH • Score: 8.8 • CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- ubuntu•linux
< 4.4.0-262.296 | < 4.15.0-122.124 | < 5.4.0-52.57 | < 5.15.0-130.140 | < 6.8.0-35.35
- ubuntu•linux-aws
< 5.15.0-1076.83 | < 6.8.0-1009.9
- ubuntu•linux-aws-5.15
< 5.15.0-1075.82~20.04.1
- ubuntu•linux-aws-fips
< 4.15.0-2031.32 | all | < 5.4.0-1069.73+fips2 | < 5.15.0-1076.83+fips1
- ubuntu•linux-azure
< 5.15.0-1078.87 | < 6.8.0-1008.8
- ubuntu•linux-azure-5.15
< 5.15.0-1078.87~20.04.1
- ubuntu•linux-azure-fde
all
- ubuntu•linux-azure-fips
< 4.15.0-2013.15 | all | < 5.4.0-1073.76+fips1 | < 5.15.0-1078.87+fips1
- ubuntu•linux-bluefield
< 5.15.0-1058.60 | < 5.15.0-1058.60 | all
- ubuntu•linux-fips
< 4.4.0-1108.115 | all | < 4.15.0-1045.52 | < 5.15.0-128.138+fips1
- ubuntu•linux-gcp
< 5.15.0-1074.83 | < 6.8.0-1008.9
- ubuntu•linux-gcp-5.15
< 5.15.0-1074.83~20.04.1
- ubuntu•linux-gcp-fips
all | < 5.4.0-1067.71~20.04.1 | < 5.15.0-1073.81+fips1
- ubuntu•linux-gke
all | < 5.15.0-1072.78 | < 6.8.0-1004.7
- ubuntu•linux-gkeop
< 5.15.0-1057.64
- ubuntu•linux-hwe
< 4.15.0-122.124~16.04.1 | all
- ubuntu•linux-hwe-5.15
< 5.15.0-130.140~20.04.1
- ubuntu•linux-hwe-5.4
< 5.4.0-52.57~18.04.1
- ubuntu•linux-hwe-5.8
< 5.8.0-25.26~20.04.1
- ubuntu•linux-hwe-edge
all | all
- ubuntu•linux-ibm
< 5.15.0-1067.70 | < 6.8.0-1006.6
- ubuntu•linux-ibm-5.15
< 5.15.0-1067.70~20.04.1
- ubuntu•linux-intel-iot-realtime
< 5.15.0-1071.73 | < 5.15.0-1071.73
- ubuntu•linux-intel-iotg
< 5.15.0-1071.77
- ubuntu•linux-intel-iotg-5.15
< 5.15.0-1071.77~20.04.1
- ubuntu•linux-kvm
< 5.15.0-1071.76
- ubuntu•linux-lowlatency
< 5.15.0-128.138 | < 6.8.0-35.35.1
- ubuntu•linux-lowlatency-hwe-5.15
< 5.15.0-128.138~20.04.1
- ubuntu•linux-lts-xenial
< 4.4.0-262.296~14.04.1
- ubuntu•linux-nvidia
all | < 5.15.0-1070.71
- ubuntu•linux-nvidia-tegra
< 5.15.0-1032.32
- ubuntu•linux-nvidia-tegra-5.15
< 5.15.0-1032.32~20.04.1
- ubuntu•linux-nvidia-tegra-igx
< 5.15.0-1020.20
- ubuntu•linux-oem
< 4.15.0-1100.110
- ubuntu•linux-oem-5.6
< 5.6.0-1032.33
- ubuntu•linux-oem-6.8
< 6.8.0-1006.6
- ubuntu•linux-oem-osp1
< 5.0.0-1071.77
- ubuntu•linux-oracle
< 5.15.0-1073.79 | < 6.8.0-1006.6
- ubuntu•linux-oracle-5.15
< 5.15.0-1072.78~20.04.1
- ubuntu•linux-raspi
< 5.4.0-1022.25 | < 5.15.0-1070.73 | < 6.8.0-1005.5
- ubuntu•linux-raspi-5.4
< 5.4.0-1022.25~18.04.1
- ubuntu•linux-raspi-realtime
< 6.8.0-2004.4 | < 6.8.0-2004.4
- ubuntu•linux-raspi2
< 4.15.0-1074.79 | all
- ubuntu•linux-raspi2-5.3
< 5.3.0-1036.38
- ubuntu•linux-realtime
< 5.15.0-1075.83 | < 6.8.1-1002.2 | all | < 5.15.0-1075.83 | < 6.8.1-1002.2
- ubuntu•linux-riscv
< 5.4.0-37.42 | all | < 6.8.0-35.35.1
- ubuntu•linux-riscv-5.15
< 5.15.0-1070.74~20.04.1
- ubuntu•linux-snapdragon
< 4.15.0-1090.99
- ubuntu•linux-xilinx-zynqmp
< 5.15.0-1041.45
References (16)
- https://ubuntu.com/security/CVE-2020-12351
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
- https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
- https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?h=for-upstream&id=f19425641cb2572a33cb074d5e30283720bd4d22
- https://ubuntu.com/security/notices/USN-4592-1
- https://ubuntu.com/security/notices/USN-4591-1
- https://www.cve.org/CVERecord?id=CVE-2020-12351
- https://ubuntu.com/security/notices/USN-7179-1
- https://ubuntu.com/security/notices/USN-7179-2
- https://ubuntu.com/security/notices/USN-7183-1
- https://ubuntu.com/security/notices/USN-7186-1
- https://ubuntu.com/security/notices/USN-7179-3
- https://ubuntu.com/security/notices/USN-7186-2
- https://ubuntu.com/security/notices/USN-7194-1
- https://ubuntu.com/security/notices/USN-7179-4