Impact: Moderate Public Date: 2019-01-11 CWE: CWE-200 Bugzilla: 1663179: CVE-2019-3460 kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.
Find out more about CVE-2019-3460 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 5.3 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity Impact | None |
| Availability Impact | None |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | kernel-rt | Affected |
| Red Hat Enterprise Linux 7 | kernel-alt | Affected |
| Red Hat Enterprise Linux 7 | kernel | Affected |
| Red Hat Enterprise Linux 7 | kernel-rt | Affected |
| Red Hat Enterprise Linux 6 | kernel | Affected |
| Red Hat Enterprise Linux 5 | kernel | Not affected |
- Disabling the bluetooth hardware in the bios.
- Prevent loading of the bluetooth kernel modules.
- Disable the bluetooth connection by putting the system in "airport" mode.
Upstream patch:
https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/
Oss-security post:
https://seclists.org/oss-sec/2019/q1/58
Vulmon