CVE-2019-3459: Infoleak
First published: Thu Jan 03 2019(Updated: )
A flaw was found in the Linux kernel's implementation of Logical Link Control and Adaptation Protocol (L2CAP), part of the Bluetooth stack. An attacker, within the range of standard Bluetooth transmissions, can create and send a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.
Credit: security@debian.org security@debian.org security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1062.rt56.1022.el7 | 0:3.10.0-1062.rt56.1022.el7 |
| redhat/kernel | <0:3.10.0-1062.el7 | 0:3.10.0-1062.el7 |
| redhat/kernel-alt | <0:4.14.0-115.18.1.el7a | 0:4.14.0-115.18.1.el7a |
| redhat/kernel-rt | <0:4.18.0-147.rt24.93.el8 | 0:4.18.0-147.rt24.93.el8 |
| redhat/kernel | <0:4.18.0-147.el8 | 0:4.18.0-147.el8 |
| Linux Linux kernel | <=5.1 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =18.10 | |
| Redhat Codeready Linux Builder | =8.0 | |
| Red Hat Enterprise Linux | =5.0 | |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Eus | =8.1 | |
| Redhat Enterprise Linux Eus | =8.2 | |
| Redhat Enterprise Linux Eus | =8.4 | |
| Redhat Enterprise Linux For Real Time | =7 | |
| Redhat Enterprise Linux For Real Time | =8 | |
| Redhat Enterprise Linux For Real Time For Nfv | =7 | |
| Redhat Enterprise Linux For Real Time For Nfv | =8 | |
| Redhat Enterprise Linux For Real Time For Nfv Tus | =8.2 | |
| Redhat Enterprise Linux For Real Time For Nfv Tus | =8.4 | |
| Redhat Enterprise Linux For Real Time Tus | =8.2 | |
| Redhat Enterprise Linux For Real Time Tus | =8.4 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Red Hat Enterprise MRG | =2.0 | |
| Debian Debian Linux | =8.0 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1 |
Remedy
- Disabling the bluetooth hardware in the bios. - Prevent loading of the bluetooth kernel modules. - Disable the bluetooth connection by putting the system in "airport" mode.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-3459 https://nvd.nist.gov/vuln/detail/CVE-2019-3459
- https://bugzilla.redhat.com/show_bug.cgi?id=1663176
- https://access.redhat.com/errata/RHSA-2019:2043
- https://access.redhat.com/errata/RHSA-2019:2029
- https://access.redhat.com/errata/RHSA-2020:0740
- https://access.redhat.com/errata/RHSA-2019:3309
- https://access.redhat.com/errata/RHSA-2019:3517
- https://access.redhat.com/security/cve/CVE-2019-3459
- http://www.openwall.com/lists/oss-security/2019/06/27/2
- http://www.openwall.com/lists/oss-security/2019/06/27/7
- http://www.openwall.com/lists/oss-security/2019/06/28/1
- http://www.openwall.com/lists/oss-security/2019/06/28/2
- http://www.openwall.com/lists/oss-security/2019/08/12/1
- https://bugzilla.novell.com/show_bug.cgi?id=1120758
- https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69
- https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
- https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/
- https://marc.info/?l=oss-security&m=154721580222522&w=2
- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html
- https://marc.info/?l=oss-security&m=154721580222522&w=2
- https://launchpad.net/bugs/cve/CVE-2019-3459
- https://seclists.org/oss-sec/2019/q1/58
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1665925
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1663176#c8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c9cbd0b5e38a1672fcd137894ace3b042dfbf69
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1663176#c9
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
- https://access.redhat.com/security/cve/CVE-2019-3460
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1663176#c11
- https://access.redhat.com/security/cve/cve-2019-3459
- https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047%40kroah.com/
- https://security-tracker.debian.org/tracker/CVE-2019-3459
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3459
- https://nvd.nist.gov/vuln/detail/CVE-2019-3459
- https://ubuntu.com/security/CVE-2019-3459
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-3459
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/last-modified-date
- agent/author
- agent/event
- agent/trending
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- agent/softwarecombine
- agent/tags
- agent/source
- package-manager/redhat
- package-manager/debian
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.1
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/18.10
- vendor/redhat
- canonical/redhat codeready linux builder
- version/redhat codeready linux builder/8.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5.0
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/8.1
- version/redhat enterprise linux eus/8.2
- version/redhat enterprise linux eus/8.4
- canonical/redhat enterprise linux for real time
- version/redhat enterprise linux for real time/7
- version/redhat enterprise linux for real time/8
- canonical/redhat enterprise linux for real time for nfv
- version/redhat enterprise linux for real time for nfv/7
- version/redhat enterprise linux for real time for nfv/8
- canonical/redhat enterprise linux for real time for nfv tus
- version/redhat enterprise linux for real time for nfv tus/8.2
- version/redhat enterprise linux for real time for nfv tus/8.4
- canonical/redhat enterprise linux for real time tus
- version/redhat enterprise linux for real time tus/8.2
- version/redhat enterprise linux for real time tus/8.4
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/8.2
- version/red hat enterprise linux server/8.4
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- canonical/red hat enterprise mrg
- version/red hat enterprise mrg/2.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0