BlueZ is an open-source protocol stack that offers support for the Core Bluetooth Layers used in Linux-based systems.
Now, a security researcher at Google, Andy Nguyen, has disclosed a new set of zero-click vulnerabilities in BlueZ, which flaws in the Linux Bluetooth software stack could allow an unauthenticated remote attacker to execute arbitrary code potentially leading to escalation of privilege via adjacent access.
And the most severe of the vulnerabilities is a heap-based type confusion, tracked as CVE-2020-12351, with a CVSS score of 8.3 out of 10, affecting Linux kernel 4.8 and higher, which is present in the Logical Link Control and Adaptation Protocol (L2CAP) that provides multiplexing of data between higher layer protocols.
How the BlueZ Vulnerabilities affects Linux Systems
According to Andy Nguyen, the three flaws collectively are called "BleedingTooth", and resides in the open-source BlueZ protocol stack that offers support for many of the core Bluetooth layers and protocols used for Linux-based systems.
The first flaw is a heap-based type confusion (CVE-2020-12351), which a remote attacker could leverage in a short distance by sending a malicious l2cap packet and cause a DDOS or possibly arbitrary code execution with kernel privileges, knowing the victim's Bluetooth device name.
And the second vulnerability (CVE-2020-12352) is concerned with the stack-based information disclosure flaw affecting Linux kernel 3.6 and higher, which resulted from a 2012 change to the core Alternate MAC-PHY Manager Protocol (A2MP).
Finally, the third flaw trackeed as CVE-2020-24490, was discovered in the Host Controller Interface (HCI), a standardized Bluetooth interface employed for sending commands, and for transmitting data, is a heap-based buffer overflow impacting Linux kernel 4.19 and higher.
The flaw allows a nearby remote attacker to "cause denial of service or possibly arbitrary code execution with kernel privileges on victim machines if they are equipped with Bluetooth 5 chips and are in scanning mode", according to Google security researchers.
How to Mitigate against the BlueZ Vulnerabilities
Intel has issued a security advisory, as it has significant investments in the BlueZ project, warning of the potential security vulnerabilities in BlueZ that may allow escalation of privilege or information disclosure. And BlueZ has released Linux kernel fixes to address these potential vulnerabilities.
Therefore, it is recommended that users should install the latest kernel fixes in order to mitigate the risk associated with these security issues.