Intel Mistakenly Publishes Bluetooth Zero-Day Vulnerability Details Two Months Before Linux Kernel Patches Are to Arrive

Silviu STAHIE

October 16, 2020

A Google security researcher warns of zero-day vulnerabilities in the Linux Bluetooth stack that allow attackers to escalate privileges to root. A fix should be available in Linux kernel 5.10, which is still a couple of months away, so any device, mobile or PC, using the BlueZ stack will be vulnerable for a while.

The vulnerabilities in the BlueZ subsystem received a name, BleedingTooth, which usually happens only with severe security issues. In this case, Intel says improper input validation in BlueZ may allow an unauthenticated user to enable escalation of privilege via adjacent access.

More to the point, security researcher Andy Nguyen, who found the issues, explained on Twitter: “BleedingTooth is a set of zero-click vulnerabilities in the Linux Bluetooth subsystem that can allow an unauthenticated, remote attacker in short distance to execute arbitrary code with kernel privileges on vulnerable devices.”

The researcher also posted a short video showing the vulnerabilities are present and work without a hitch. But this is where the real problem comes in. In the initial iteration of the advisory, Intel said the Linux kernel patches would be available with the 5.9 release, which took place a couple of days ago.

Unfortunately, Intel made a mistake when coordinating the vulnerability disclosure. For unknown reasons, the advisory said the patches would be available in Linux kernel 5.9; that was apparently wrong, and the fixes are now scheduled to land in Linux kernel 5.10, which is due at the end of December.

In other words, Intel just published details on a zero-day vulnerability that will only receive fixes in two months, leaving Linux users worldwide exposed to potential attacks. One of the maintainers of the Linux kernel had this to say about the entire situation on Twitter:

“They are now claiming you need a 5.10 kernel or newer to solve this. 5.10 will be released at the end of December, 2020. Intel knows better, and knows how to do this properly, this feels malicious at this point…”
