Announced 8 December 2020
Three Bluetooth vulnerabilities, one rated as high, affect the following IGEL products:
- IGEL OS 11
- IGEL OS 10
Weaknesses in input validation and access control have been discovered in BlueZ, the Linux Bluetooth stack, and have been nicknamed "BleedingTooth". CVE-2020-12352 and CVE-2020-24490, both rated medium, may disclose information to an unauthenticated user nearby. CVE-2020-12351 is rated high as it may allow an unauthenticated user nearby to enable escalation of privilege.
- IGEL OS 11: Update to IGEL OS 11.04.240 or newer.
- IGEL OS 10: Upgrade to IGEL OS 11.
Disable Bluetooth, see Bluetooth Assistant.
Intel BlueZ Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html