Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-25662

A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.

Published

2020-11-05T21:15:12.750

Last Modified

2024-11-21T05:18:23.460

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:P/I:N/A:N

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.5

Impact Score

2.9

Weaknesses

Type: Primary
CWE-284
CWE-665
Type: Secondary
CWE-665

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	redhat	enterprise_linux	8.3	Yes

References

https://access.redhat.com/security/cve/CVE-2020-12352 Mitigation, Vendor Advisory ([email protected])
https://access.redhat.com/security/vulnerabilities/BleedingTooth Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25662 Issue Tracking, Mitigation, Vendor Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2020-12352 Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/vulnerabilities/BleedingTooth Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25662 Issue Tracking, Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)