What is the severity of CVE-2019-3459?

CVE-2019-3459 has been rated as a moderate severity vulnerability.

How do I fix CVE-2019-3459?

To fix CVE-2019-3459, ensure your system is updated to a version of the Linux kernel that is not affected, such as those specified in the advisory.

What systems are affected by CVE-2019-3459?

CVE-2019-3459 impacts several versions of the Linux kernel on various systems including Red Hat, Ubuntu, and Debian.

Can CVE-2019-3459 be exploited remotely?

CVE-2019-3459 can be exploited by attackers within range of standard Bluetooth transmissions.

Is there a patch available for CVE-2019-3459?

Yes, patches for CVE-2019-3459 are available in the updated kernel releases from the affected distributions.

Vulnerability/
CVE-2019-3459

medium

6.5

CWE

125 200

3/1/2019

11/1/2019

11/4/2019

21/11/2024

CVE-2019-3459: Infoleak

First published: Thu Jan 03 2019(Updated: )

A flaw was found in the Linux kernel's implementation of Logical Link Control and Adaptation Protocol (L2CAP), part of the Bluetooth stack. An attacker, within the range of standard Bluetooth transmissions, can create and send a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.

Credit: security@debian.org security@debian.org security@debian.org

Affected Software	Affected Version	How to fix
redhat/kernel-rt	<0:3.10.0-1062.rt56.1022.el7	0:3.10.0-1062.rt56.1022.el7
redhat/kernel	<0:3.10.0-1062.el7	0:3.10.0-1062.el7
redhat/kernel-alt	<0:4.14.0-115.18.1.el7a	0:4.14.0-115.18.1.el7a
redhat/kernel-rt	<0:4.18.0-147.rt24.93.el8	0:4.18.0-147.rt24.93.el8
redhat/kernel	<0:4.18.0-147.el8	0:4.18.0-147.el8
Linux Kernel	<=5.1
Ubuntu Linux	=14.04
Ubuntu Linux	=16.04
Ubuntu Linux	=18.04
Ubuntu Linux	=18.10
redhat codeready Linux builder	=8.0
Red Hat Enterprise Linux	=5.0
Red Hat Enterprise Linux	=6.0
Red Hat Enterprise Linux	=7.0
Red Hat Enterprise Linux	=8.0
redhat enterprise Linux desktop	=7.0
redhat enterprise Linux eus	=8.1
redhat enterprise Linux eus	=8.2
redhat enterprise Linux eus	=8.4
redhat enterprise Linux for real time	=7
redhat enterprise Linux for real time	=8
redhat enterprise Linux for real time for nfv	=7
redhat enterprise Linux for real time for nfv	=8
redhat enterprise Linux for real time for nfv tus	=8.2
redhat enterprise Linux for real time for nfv tus	=8.4
redhat enterprise Linux for real time tus	=8.2
redhat enterprise Linux for real time tus	=8.4
redhat enterprise Linux server	=7.0
redhat enterprise Linux server aus	=8.2
redhat enterprise Linux server aus	=8.4
redhat enterprise Linux server tus	=8.2
redhat enterprise Linux server tus	=8.4
redhat enterprise Linux workstation	=7.0
Red Hat Enterprise MRG	=2.0
Debian GNU/Linux	=8.0
debian/linux		5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.16-1
Linux kernel	<=5.1
Red Hat CodeReady Linux Builder	=8.0
Red Hat Enterprise Linux Desktop	=7.0
Red Hat Enterprise Linux Server EUS	=8.1
Red Hat Enterprise Linux Server EUS	=8.2
Red Hat Enterprise Linux Server EUS	=8.4
Red Hat Enterprise Linux for Real Time	=7
Red Hat Enterprise Linux for Real Time	=8
Red Hat Enterprise Linux for Real Time for NFV	=7
Red Hat Enterprise Linux for Real Time for NFV	=8
Red Hat Enterprise Linux for Real Time for NFV	=8.2
Red Hat Enterprise Linux for Real Time for NFV	=8.4
Red Hat Enterprise Linux for Real Time	=8.2
Red Hat Enterprise Linux for Real Time	=8.4
Red Hat Enterprise Linux Server	=7.0
Red Hat Enterprise Linux Server	=8.2
Red Hat Enterprise Linux Server	=8.4
Red Hat Enterprise Linux Server	=8.2
Red Hat Enterprise Linux Server	=8.4
Red Hat Enterprise Linux Workstation	=7.0
Debian	=8.0

Remedy

- Disabling the bluetooth hardware in the bios. - Prevent loading of the bluetooth kernel modules. - Disable the bluetooth connection by putting the system in "airport" mode.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2019-3459?
CVE-2019-3459 has been rated as a moderate severity vulnerability.
How do I fix CVE-2019-3459?
To fix CVE-2019-3459, ensure your system is updated to a version of the Linux kernel that is not affected, such as those specified in the advisory.
What systems are affected by CVE-2019-3459?
CVE-2019-3459 impacts several versions of the Linux kernel on various systems including Red Hat, Ubuntu, and Debian.
Can CVE-2019-3459 be exploited remotely?
CVE-2019-3459 can be exploited by attackers within range of standard Bluetooth transmissions.
Is there a patch available for CVE-2019-3459?
Yes, patches for CVE-2019-3459 are available in the updated kernel releases from the affected distributions.

collector/redhat-cve
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-3459
agent/weakness
agent/severity
collector/mitre-cve
source/MITRE
agent/references
agent/remedy
collector/usn-cve
source/Ubuntu
agent/description
agent/last-modified-date
agent/author
agent/trending
agent/source
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/tags
collector/nvd-api
collector/nvd-index
package-manager/redhat
vendor/linux
canonical/linux kernel
version/linux kernel/5.1
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/14.04
version/ubuntu linux/16.04
version/ubuntu linux/18.04
version/ubuntu linux/18.10
vendor/redhat
canonical/redhat codeready linux builder
version/redhat codeready linux builder/8.0
canonical/red hat enterprise linux
version/red hat enterprise linux/5.0
version/red hat enterprise linux/6.0
version/red hat enterprise linux/7.0
version/red hat enterprise linux/8.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/8.1
version/redhat enterprise linux eus/8.2
version/redhat enterprise linux eus/8.4
canonical/redhat enterprise linux for real time
version/redhat enterprise linux for real time/7
version/redhat enterprise linux for real time/8
canonical/redhat enterprise linux for real time for nfv
version/redhat enterprise linux for real time for nfv/7
version/redhat enterprise linux for real time for nfv/8
canonical/redhat enterprise linux for real time for nfv tus
version/redhat enterprise linux for real time for nfv tus/8.2
version/redhat enterprise linux for real time for nfv tus/8.4
canonical/redhat enterprise linux for real time tus
version/redhat enterprise linux for real time tus/8.2
version/redhat enterprise linux for real time tus/8.4
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/8.2
version/redhat enterprise linux server aus/8.4
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/8.2
version/redhat enterprise linux server tus/8.4
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
canonical/red hat enterprise mrg
version/red hat enterprise mrg/2.0
vendor/debian
canonical/debian gnu/linux
version/debian gnu/linux/8.0
package-manager/debian
canonical/red hat codeready linux builder
version/red hat codeready linux builder/8.0
canonical/red hat enterprise linux desktop
version/red hat enterprise linux desktop/7.0
canonical/red hat enterprise linux server eus
version/red hat enterprise linux server eus/8.1
version/red hat enterprise linux server eus/8.2
version/red hat enterprise linux server eus/8.4
canonical/red hat enterprise linux for real time
version/red hat enterprise linux for real time/7
version/red hat enterprise linux for real time/8
canonical/red hat enterprise linux for real time for nfv
version/red hat enterprise linux for real time for nfv/7
version/red hat enterprise linux for real time for nfv/8
version/red hat enterprise linux for real time for nfv/8.2
version/red hat enterprise linux for real time for nfv/8.4
version/red hat enterprise linux for real time/8.2
version/red hat enterprise linux for real time/8.4
canonical/red hat enterprise linux server
version/red hat enterprise linux server/7.0
version/red hat enterprise linux server/8.2
version/red hat enterprise linux server/8.4
canonical/red hat enterprise linux workstation
version/red hat enterprise linux workstation/7.0
canonical/debian
version/debian/8.0

CVE-2019-3459: Infoleak

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2019-3459?

How do I fix CVE-2019-3459?

What systems are affected by CVE-2019-3459?

Can CVE-2019-3459 be exploited remotely?

Is there a patch available for CVE-2019-3459?

Company

Resources

Contact