Download page ISN 2020-10: IGEL OS Bluetooth Vulnerabilities.
ISN 2020-10: IGEL OS Bluetooth Vulnerabilities
Announced 8 December 2020
Score: High
Three Bluetooth vulnerabilities, one rated as high, affect the following IGEL products:
IGEL OS 11
IGEL OS 10
Details
Weaknesses in input validation and access control have been discovered in BlueZ, the Linux Bluetooth stack, and have been nicknamed "BleedingTooth". CVE-2020-12352 and CVE-2020-24490, both rated medium, may disclose information to an unauthenticated user nearby. CVE-2020-12351 is rated high as it may allow an unauthenticated user nearby to enable escalation of privilege.