Announced 8 December 2020

Score: High

Three Bluetooth vulnerabilities, one rated as high, affect the following IGEL products:

  • IGEL OS 11
  • IGEL OS 10


Weaknesses in input validation and access control have been discovered in BlueZ, the Linux Bluetooth stack, and have been nicknamed "BleedingTooth". CVE-2020-12352 and CVE-2020-24490, both rated medium, may disclose information to an unauthenticated user nearby. CVE-2020-12351 is rated high as it may allow an unauthenticated user nearby to enable escalation of privilege.

Update Instructions

  • IGEL OS 11: Update to IGEL OS 11.04.240 or newer.
  • IGEL OS 10: Upgrade to IGEL OS 11.


Disable Bluetooth, see Bluetooth Assistant.


Intel BlueZ Advisory: