Reviews

Intel and Google are worried about a new Linux vulnerability

Intel and Google are worried about a new Linux vulnerability

A brand new Bluetooth flaw in all but the most recent version of the Linux Kernel has captured the interest of both Google and Intel which have both issued warnings regarding its severity.

The defect itself resides from the BlueZ software stack that is used to implement Bluetooth core layers and protocols in Linux. In addition to being used in Linux notebooks, the software stack can also be utilized in several consumer devices as well as industrial IoT devices.

Google engineer Andy Nguyen has awarded the vulnerability the name BleedingTooth and in a recent tweet, he clarified that it is really”a pair of zero-click vulnerabilities in the Linux Bluetooth subsystem that can allow an unauthenticated remote attacker at short space to execute arbitrary code with kernel privileges on vulnerable devices”.

Also read: Two Companies Engaged In Data Scraping Operations After Facebook Appealing

  • We have put together a list of the finest antivirus applications around
  • Keep your systems updated with the best patch management applications
  • Also, take a look at our roundup of the finest Linux notebooks

According to Nguyen, he was inspired by research that resulted in the discovery of the following proof-of-concept exploit called BlueBorne that permits an attacker to send commands without requiring an individual to click on links.

BleedingTooth

Although Nguyen has stated that BleedingTooth allows seamless code execution by attackers within Bluetooth range, Intel rather believes the flaw provides a way for a person to achieve independence escalation or to disclose information.

The chip giant has also issued an advisory where it clarified that BleedingTooth is actually comprised of three separate vulnerabilities tracked as CVE-2020-12351, CVE-2020-12352, and CVE-2020-24490. Even though the first vulnerability has a high-severity CVSS score of 8.3, both have CVSS scores of 5.3. In its own BlueZ advisory, Intel explained that Linux kernel fixes will be released shortly, stating:

“Potential security vulnerabilities in BlueZ may allow escalation of privilege or data disclosure. BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities.”

Intel itself is among the main contributors to the BlueZ open source project and as stated by the chipmaker, a series of kernel patches is the only way to tackle BleedingTooth. While about, the vulnerability isn’t the kind of thing users must be terrified of as an attacker would need to maintain close proximity of an exposed Linux device to exploit BleedingTooth.

Written by
Isla Genesis

Isla Genesis is social media manager of The Tech Trend. She did MBA in marketing and leveraging social media. Isla is also a passionate, writing a upcoming book on marketing stats, travel lover and photographer.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

Google Play Store App
Reviews

Red Flags that Google Looks for During the Play Store App Review Process

Are you looking to publish your app in Google’s Play Store? If...

Electricity Provider
Reviews

How to Change Electricity Provider in Norway (Billigste Strømpriser)

Determining the best course of action regarding an electricity supplier will help...

Heart of Industry
Reviews

In the Heart of Industry – Exploring Sheet Metal Fabrication’s Evolution

In the intricate world of manufacturing, sheet metal fabrication stands as a...

Scholarship Essay
Reviews

How To Write a Good Scholarship Essay

If you’re dreaming about a brilliant career, want to have a better...