UBUNTU-CVE-2020-24490

Description

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.

CVSS Metrics

• v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Systems

• ubuntu•linux

  < 4.4.0-262.296 | < 4.15.0-122.124 | < 5.4.0-52.57 | < 5.15.0-130.140 | < 6.8.0-35.35

• ubuntu•linux-aws

  < 5.15.0-1076.83 | < 6.8.0-1009.9

• ubuntu•linux-aws-5.15

  < 5.15.0-1075.82~20.04.1

• ubuntu•linux-aws-fips

  < 4.15.0-2031.32 | all | < 5.4.0-1069.73+fips2 | < 5.15.0-1076.83+fips1

• ubuntu•linux-azure

  < 5.15.0-1078.87 | < 6.8.0-1008.8

• ubuntu•linux-azure-5.15

  < 5.15.0-1078.87~20.04.1

• ubuntu•linux-azure-fde

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2013.15 | all | < 5.4.0-1073.76+fips1 | < 5.15.0-1078.87+fips1

• ubuntu•linux-bluefield

  < 5.15.0-1058.60 | < 5.15.0-1058.60 | all

• ubuntu•linux-fips

  < 4.4.0-1108.115 | all | < 4.15.0-1045.52 | < 5.15.0-128.138+fips1

• ubuntu•linux-gcp

  < 5.15.0-1074.83 | < 6.8.0-1008.9

• ubuntu•linux-gcp-5.15

  < 5.15.0-1074.83~20.04.1

• ubuntu•linux-gcp-fips

  all | < 5.4.0-1067.71~20.04.1 | < 5.15.0-1073.81+fips1

• ubuntu•linux-gke

  all | < 5.15.0-1072.78 | < 6.8.0-1004.7

• ubuntu•linux-gkeop

  < 5.15.0-1057.64

• ubuntu•linux-hwe

  < 4.15.0-122.124~16.04.1 | all

• ubuntu•linux-hwe-5.15

  < 5.15.0-130.140~20.04.1

• ubuntu•linux-hwe-5.4

  < 5.4.0-52.57~18.04.1

• ubuntu•linux-hwe-edge

  all

• ubuntu•linux-ibm

  < 5.15.0-1067.70 | < 6.8.0-1006.6

• ubuntu•linux-ibm-5.15

  < 5.15.0-1067.70~20.04.1

• ubuntu•linux-intel-iot-realtime

  < 5.15.0-1071.73 | < 5.15.0-1071.73

• ubuntu•linux-intel-iotg

  < 5.15.0-1071.77

• ubuntu•linux-intel-iotg-5.15

  < 5.15.0-1071.77~20.04.1

• ubuntu•linux-kvm

  < 5.15.0-1071.76

• ubuntu•linux-lowlatency

  < 5.15.0-128.138 | < 6.8.0-35.35.1

• ubuntu•linux-lowlatency-hwe-5.15

  < 5.15.0-128.138~20.04.1

• ubuntu•linux-lts-xenial

  < 4.4.0-262.296~14.04.1

• ubuntu•linux-nvidia

  all | < 5.15.0-1070.71

• ubuntu•linux-nvidia-tegra

  < 5.15.0-1032.32

• ubuntu•linux-nvidia-tegra-5.15

  < 5.15.0-1032.32~20.04.1

• ubuntu•linux-nvidia-tegra-igx

  < 5.15.0-1020.20

• ubuntu•linux-oem-5.6

  < 5.6.0-1048.52

• ubuntu•linux-oem-6.8

  < 6.8.0-1006.6

• ubuntu•linux-oem-osp1

  < 5.0.0-1071.77

• ubuntu•linux-oracle

  < 5.15.0-1073.79 | < 6.8.0-1006.6

• ubuntu•linux-oracle-5.15

  < 5.15.0-1072.78~20.04.1

• ubuntu•linux-raspi

  < 5.4.0-1022.25 | < 5.15.0-1070.73 | < 6.8.0-1005.5

• ubuntu•linux-raspi-5.4

  < 5.4.0-1022.25~18.04.1

• ubuntu•linux-raspi-realtime

  < 6.8.0-2004.4 | < 6.8.0-2004.4

• ubuntu•linux-raspi2

  all

• ubuntu•linux-raspi2-5.3

  < 5.3.0-1036.38

• ubuntu•linux-realtime

  < 5.15.0-1075.83 | < 6.8.1-1002.2 | all | < 5.15.0-1075.83 | < 6.8.1-1002.2

• ubuntu•linux-riscv

  < 5.4.0-34.38 | all | < 6.8.0-35.35.1

• ubuntu•linux-riscv-5.15

  < 5.15.0-1070.74~20.04.1

• ubuntu•linux-xilinx-zynqmp

  < 5.15.0-1041.45

References (15)

• https://ubuntu.com/security/CVE-2020-24490
• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
• https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649
• https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e
• https://ubuntu.com/security/notices/USN-4592-1
• https://ubuntu.com/security/notices/USN-4752-1
• https://www.cve.org/CVERecord?id=CVE-2020-24490
• https://ubuntu.com/security/notices/USN-7179-1
• https://ubuntu.com/security/notices/USN-7179-2
• https://ubuntu.com/security/notices/USN-7183-1
• https://ubuntu.com/security/notices/USN-7186-1
• https://ubuntu.com/security/notices/USN-7179-3
• https://ubuntu.com/security/notices/USN-7186-2
• https://ubuntu.com/security/notices/USN-7194-1
• https://ubuntu.com/security/notices/USN-7179-4