CVE-2020-24490

Priority
Description
Linux bluetooth: Heap-Based Buffer Overflow in HCI event packet parser
Ubuntu-Description
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.
Notes
sbeattieThis issue affected kernels 4.18 and later; as such Ubuntu 20.04's 5.4 kernel was fixed around 2020/09/21, before the advisory was issued. it is asserted that b2cc9761f144e8ef714be8c590603073b80ddc13 made the vulnerability accessible.
sbeattieit's not clear if
https://lore.kernel.org/linux-bluetooth/20201016180956.707681-1-luiz.dentz@gmail.com/
is needed as well.
Package
Source: linux (LP Ubuntu Debian)
Upstream:not-affected
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 ESM (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 20.04 LTS (Focal Fossa):released (5.4.0-48.52)
Ubuntu 20.10 (Groovy Gorilla):not-affected (5.8.0-16.17)
Patches:
Break-fix:c215e9397b00b3045a668120ed7dbd89f2866e74
Package
Upstream:not-affected (CONFIG_BT not set)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (CONFIG_BT not set)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (CONFIG_BT not set)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (CONFIG_BT not set)
Ubuntu 20.10 (Groovy Gorilla):not-affected (CONFIG_BT not set)
Package
Upstream:not-affected (CONFIG_BT not set)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (CONFIG_BT not set)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (CONFIG_BT not set)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (CONFIG_BT not set)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (CONFIG_BT not set)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (CONFIG_BT not set)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (CONFIG_BT not set)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (CONFIG_BT not set)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (CONFIG_BT not set)
Ubuntu 20.10 (Groovy Gorilla):not-affected (CONFIG_BT not set)
Package
Upstream:not-affected (CONFIG_BT not set)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (CONFIG_BT not set)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (CONFIG_BT not set)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (CONFIG_BT not set)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (cloud-only kernel)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (cloud-only kernel)
Ubuntu 20.10 (Groovy Gorilla):not-affected (cloud-only kernel)
Package
Upstream:not-affected (cloud-only kernel)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (cloud-only kernel)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (cloud-only kernel)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (cloud-only kernel)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (cloud-only kernel)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (cloud-only kernel)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (cloud-only kernel)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):ignored (converted to linux-hwe-5.4)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (5.4.0-48.52~18.04.1)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):ignored (superseded by linux-hwe)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (CONFIG_BT not set)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (CONFIG_BT not set)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (CONFIG_BT not set)
Ubuntu 20.10 (Groovy Gorilla):not-affected (CONFIG_BT not set)
Package
Upstream:not-affected
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (5.0.0-1070.76)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (cloud-only kernel)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (cloud-only kernel)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (cloud-only kernel)
Ubuntu 20.10 (Groovy Gorilla):not-affected (cloud-only kernel)
Package
Upstream:not-affected (cloud-only kernel)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (cloud-only kernel)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:not-affected (cloud-only kernel)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (cloud-only kernel)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (5.4.0-1019.21~18.04.1)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 20.04 LTS (Focal Fossa):ignored (superseded by linux-raspi2-5.4)
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (5.3.0-1036.38)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
More Information

Updated: 2020-10-20 06:14:56 UTC (commit 9d7fd1ad20e085b24c6644b9dda2aeb874594ad9)