Reviews

Intel and Google are worried about a new Linux vulnerability

Intel and Google are worried about a new Linux vulnerability

A brand new Bluetooth flaw in all but the most recent version of the Linux Kernel has captured the interest of both Google and Intel which have both issued warnings regarding its severity.

The defect itself resides from the BlueZ software stack that is used to implement Bluetooth core layers and protocols in Linux. In addition to being used in Linux notebooks, the software stack can also be utilized in several consumer devices as well as industrial IoT devices.

Google engineer Andy Nguyen has awarded the vulnerability the name BleedingTooth and in a recent tweet, he clarified that it is really”a pair of zero-click vulnerabilities in the Linux Bluetooth subsystem that can allow an unauthenticated remote attacker at short space to execute arbitrary code with kernel privileges on vulnerable devices”.

Also read: Two Companies Engaged In Data Scraping Operations After Facebook Appealing

  • We have put together a list of the finest antivirus applications around
  • Keep your systems updated with the best patch management applications
  • Also, take a look at our roundup of the finest Linux notebooks

According to Nguyen, he was inspired by research that resulted in the discovery of the following proof-of-concept exploit called BlueBorne that permits an attacker to send commands without requiring an individual to click on links.

BleedingTooth

Although Nguyen has stated that BleedingTooth allows seamless code execution by attackers within Bluetooth range, Intel rather believes the flaw provides a way for a person to achieve independence escalation or to disclose information.

The chip giant has also issued an advisory where it clarified that BleedingTooth is actually comprised of three separate vulnerabilities tracked as CVE-2020-12351, CVE-2020-12352, and CVE-2020-24490. Even though the first vulnerability has a high-severity CVSS score of 8.3, both have CVSS scores of 5.3. In its own BlueZ advisory, Intel explained that Linux kernel fixes will be released shortly, stating:

“Potential security vulnerabilities in BlueZ may allow escalation of privilege or data disclosure. BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities.”

Intel itself is among the main contributors to the BlueZ open source project and as stated by the chipmaker, a series of kernel patches is the only way to tackle BleedingTooth. While about, the vulnerability isn’t the kind of thing users must be terrified of as an attacker would need to maintain close proximity of an exposed Linux device to exploit BleedingTooth.

Written by
Isla Genesis

Isla Genesis is social media manager of The Tech Trend. She did MBA in marketing and leveraging social media. Isla is also a passionate, writing a upcoming book on marketing stats, travel lover and photographer.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

Personal Injury
Reviews

The Psychological Costs of Personal Injury

Personal injury, whether caused by an accident on the road, at work,...

ESG
Reviews

Integrating Environmental, Social, and Governance (ESG) Factors into GRC Strategies

In an era where corporate responsibility and sustainability are gaining increasing importance,...

Digital Footprint
Reviews

Is User-Security the Website’s Responsibility, or Should Digital Footprint Management Fall to Individuals?

Do you think your data is secure and your digital footprint well-managed?...

Sustainable Label Materials
Reviews

Sustainability First: Understanding Sustainable Label Materials

More and more people are turning their attention to climate change, and...