CVE-2020-25662
5.3
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | kernel | kernel-4.18.0-240.el8 | affected |
Weaknesses
- CWE-284: CWE-284
- CWE-665: CWE-665
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/security/vulnerabilities/BleedingTooth
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25662
- https://access.redhat.com/security/cve/CVE-2020-12352
References
- https://access.redhat.com/security/vulnerabilities/BleedingTooth
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25662
- https://access.redhat.com/security/cve/CVE-2020-12352
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.