21.10.2020 | Google and Intel has warned about a severe Bluetooth flaw in Linux Kernel.
According to arstechina.com Google and Intel are warning of a high-severity Bluetooth flaw in all of the recent version of Linux Kernel. A Google researcher said the bug allows seamless code execution by attackers within Bluetooth range, Intel is characterizing the flaw as providing an escalation of privileges or the disclosure of information.
This flaw lays in BlueZ, a software stack which implements all Bluetooth core protocols and layers for Linux. It is used in many consumer or industrial devices and it works with Linux versions 2.4.6 and later. This flaw is named as “BleedingTooth” which was given by Google Engineer Andy Nguyen.
He wrote that “It is a set of zero-click vulnerabilities in the Linux Bluetooth subsystem that can allow an unauthenticated remote attacker in short distance to execute arbitrary code with kernel privileges on vulnerable devices”