medium
6.5
CWE
20 909 284 201
Advisory Published
CVE Published
CVE Published
Updated

CVE-2020-12352: Input Validation

First published: Thu Oct 08 2020(Updated: )

An information leak flaw was found in the way Linux kernel Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets.

Credit: secure@intel.com

Affected SoftwareAffected VersionHow to fix
redhat/kernel-rt<0:3.10.0-1160.2.2.rt56.1134.el7
0:3.10.0-1160.2.2.rt56.1134.el7
redhat/kernel<0:3.10.0-1160.2.2.el7
0:3.10.0-1160.2.2.el7
redhat/kernel-alt<0:4.14.0-115.32.1.el7a
0:4.14.0-115.32.1.el7a
redhat/kernel<0:3.10.0-327.93.1.el7
0:3.10.0-327.93.1.el7
redhat/kernel<0:3.10.0-514.85.1.el7
0:3.10.0-514.85.1.el7
redhat/kernel<0:3.10.0-693.77.1.el7
0:3.10.0-693.77.1.el7
redhat/kernel<0:3.10.0-957.61.2.el7
0:3.10.0-957.61.2.el7
redhat/kernel<0:3.10.0-1062.37.1.el7
0:3.10.0-1062.37.1.el7
redhat/kernel-rt<0:4.18.0-193.28.1.rt13.77.el8_2
0:4.18.0-193.28.1.rt13.77.el8_2
redhat/kernel<0:4.18.0-193.28.1.el8_2
0:4.18.0-193.28.1.el8_2
redhat/kernel<0:4.18.0-80.30.1.el8_0
0:4.18.0-80.30.1.el8_0
redhat/kernel<0:4.18.0-147.32.1.el8_1
0:4.18.0-147.32.1.el8_1
Linux Kernel=5.8
Linux Kernel=5.9
All of
Any of
Linux Kernel>=5.4<5.4.72
Linux Kernel>=5.8.0<5.8.16
Linux Kernel>=5.9.0<=5.9.13
BlueZ
Linux Kernel>=5.4<5.4.72
Linux Kernel>=5.8.0<5.8.16
Linux Kernel>=5.9.0<=5.9.13
BlueZ
debian/linux
5.10.223-1
5.10.226-1
6.1.123-1
6.1.119-1
6.12.10-1
6.12.11-1

Remedy

To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931. Alternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

  • What is the severity of CVE-2020-12352?

    CVE-2020-12352 is rated as a medium severity vulnerability due to its ability to leak information from stack memory.

  • How do I fix CVE-2020-12352?

    To fix CVE-2020-12352, update to the appropriate kernel versions listed in your distribution's security advisory.

  • Which versions of the Linux kernel are affected by CVE-2020-12352?

    CVE-2020-12352 affects multiple versions of the Linux kernel including certain 3.10, 4.14, and 5.x versions.

  • Can CVE-2020-12352 be exploited remotely?

    Yes, CVE-2020-12352 can be exploited by a remote attacker within adjacent range to leak memory.

  • What types of systems are vulnerable to CVE-2020-12352?

    Systems running affected versions of the Linux kernel that utilize Bluetooth functionality are vulnerable to CVE-2020-12352.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203