CVE-2020-25662

Published: Nov 5, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.

Affected (1)

Products: Redhat: Enterprise Linux

1 product

Enterprise Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.3

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References (6)

https://access.redhat.com/security/cve/CVE-2020-12352

Source: secalert@redhat.com

MitigationVendor Advisory

https://access.redhat.com/security/vulnerabilities/BleedingTooth

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25662

Source: secalert@redhat.com

Issue TrackingMitigationVendor Advisory

https://access.redhat.com/security/cve/CVE-2020-12352

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://access.redhat.com/security/vulnerabilities/BleedingTooth

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25662

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMitigationVendor Advisory

Timeline

No history available yet.