CVE-2020-24490

Published: 14 October 2020

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.

From the Ubuntu security team

Andy Nguyen discovered that the Bluetooth HCI event packet parser in the Linux kernel did not properly handle event advertisements of certain sizes, leading to a heap-based buffer overflow. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa)
Released (5.4.0-48.52)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.13.0-16.19)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.2.0-16.19)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(3.11.0-12.19)
Patches:
Introduced by c215e9397b00b3045a668120ed7dbd89f2866e74
Fixed by a2ec905d1e160a33b2e210e45ad30445ef26ce0e
linux-aws
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(CONFIG_BT not set)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(CONFIG_BT not set)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(CONFIG_BT not set)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(CONFIG_BT not set)
linux-aws-5.0
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(CONFIG_BT not set)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-aws-5.3
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(CONFIG_BT not set)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-aws-5.4
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(CONFIG_BT not set)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-aws-hwe
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(CONFIG_BT not set)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-azure
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(CONFIG_BT not set)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(CONFIG_BT not set)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(CONFIG_BT not set)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(CONFIG_BT not set)
linux-azure-4.15
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(CONFIG_BT not set)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-azure-5.3
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(CONFIG_BT not set)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-azure-5.4
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(CONFIG_BT not set)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-azure-edge
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(CONFIG_BT not set)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-dell300x
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1005.8)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gcp
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(cloud-only kernel)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(cloud-only kernel)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(cloud-only kernel)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gcp-4.15
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(cloud-only kernel)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gcp-5.3
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(cloud-only kernel)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gcp-5.4
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(cloud-only kernel)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gcp-edge
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(cloud-only kernel)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gke-4.15
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(cloud-only kernel)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gke-5.0
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(cloud-only kernel)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gke-5.3
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(cloud-only kernel)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gke-5.4
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(5.4.0-1025.25~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gkeop
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(5.4.0-1008.9)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gkeop-5.4
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(5.4.0-1001.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Ignored
(converted to linux-hwe-5.4)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.8.0-36.36~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-hwe-5.4
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (5.4.0-48.52~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-hwe-5.8
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(5.8.0-23.24~20.04.1)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Ignored
(superseded by linux-hwe)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-kvm
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(CONFIG_BT not set)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(CONFIG_BT not set)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(CONFIG_BT not set)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-trusty
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.4.0-13.29~14.04.1)
linux-oem
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1002.3)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-oem-5.10
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(5.10.0-1008.9)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-oem-5.6
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa)
Released (5.6.0-1048.52)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-oem-osp1
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (5.0.0-1070.76)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(cloud-only kernel)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(cloud-only kernel)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(cloud-only kernel)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-oracle-5.0
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(cloud-only kernel)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-oracle-5.3
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(cloud-only kernel)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-oracle-5.4
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(cloud-only kernel)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa)
Released (5.4.0-1019.21)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi-5.4
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (5.4.0-1019.21~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Ignored
(superseded by linux-raspi2-5.4)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.13.0-1005.5)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.2.0-1013.19)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi2-5.3
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (5.3.0-1036.38)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-riscv
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa)
Released (5.4.0-34.38)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
Upstream
Released (5.8)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.4.0-1077.82)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.4.0-1013.15)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
sbeattie
This issue affected kernels 4.18 and later; as such Ubuntu 20.04's 5.4 kernel was fixed around 2020/09/21, before the advisory was issued. it is asserted that b2cc9761f144e8ef714be8c590603073b80ddc13 made the vulnerability accessible.
sbeattie
it's not clear if
https://lore.kernel.org/linux-bluetooth/20201016180956.707681-1-luiz.dentz@gmail.com/
is needed as well.

References