
ISN 2020-10: IGEL OS Bluetooth Vulnerabilities

Announced 8 December 2020

Score: High

Three Bluetooth vulnerabilities, one rated as high, affect the following IGEL products:

  • IGEL OS 11

  • IGEL OS 10

Details

Weaknesses in input validation and access control have been discovered in BlueZ, the Linux Bluetooth stack, and have been nicknamed "BleedingTooth". CVE-2020-12352 and CVE-2020-24490, both rated medium, may disclose information to a nearby unauthenticated user. CVE-2020-12351 is rated high because it may allow a nearby unauthenticated user to escalate privileges.

Update Instructions

  • IGEL OS 11: Update to IGEL OS 11.04.240 or newer.

  • IGEL OS 10: Upgrade to IGEL OS 11.
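
A triage sketch for the update instructions above, added here as an example and not IGEL's own tooling: it sorts a device inventory into the actions this advisory names. The `hostname,version` input format, the function names and the sample inventory are assumptions constructed for illustration.

```python
import re

# Fixed build named in the advisory's update instructions.
FIXED_OS11 = (11, 4, 240)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return (major, minor, build) as ints, or None if the string is malformed."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def triage(version_text):
    """Map one firmware version string to the action the advisory calls for."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"            # unparseable: check the device by hand
    if v[0] == 10:
        return "upgrade-to-os11"    # OS 10: the advisory's only remedy is OS 11
    if v[0] == 11:
        # Numeric tuple comparison, so 11.04.99 sorts below 11.04.240.
        return "ok" if v >= FIXED_OS11 else "update-to-11.04.240"
    return "not-covered"            # product line not named in the advisory

def triage_inventory(lines):
    """Take 'hostname,version' lines (assumed format); return {action: [hostnames]}."""
    result = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        result.setdefault(triage(version), []).append(host.strip())
    return result

# Constructed sample inventory: hostnames and version mix are made up.
SAMPLE = """\
# hostname,version
tc-001,11.04.240
tc-002,11.04.100
tc-003,10.06.100
tc-004,11.09.310
tc-005,11.4
"""

if __name__ == "__main__":
    for action, hosts in sorted(triage_inventory(SAMPLE.splitlines()).items()):
        print(f"{action}: {', '.join(hosts)}")
```

Devices that land in `unknown` or in either update bucket are the ones to cover with the Bluetooth mitigation below until they are patched.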

Mitigation

Disable Bluetooth; see IGEL OS > Versions of IGEL OS > (11.09.310-en) IGEL OS > (11.09.310-en) IGEL OS Reference Manual > (11.09.310-en) Bluetooth Assistant.

References

Intel BlueZ Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html

