CVE-2020-25662

EPSS 0.76%
Published 05.11.2020 21:15:12
Last modified 21.11.2024 05:18:23
Source secalert@redhat.com
Teams watchlist Login
Open Login

A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.

Affected products Warnungen 0 Metrics 4 CWE 2 References 6

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Enterprise Linux Version8.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.76%	0.709

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N
secalert@redhat.com	5.3	1.6	3.6	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-665 Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

https://access.redhat.com/security/vulnerabilities/BleedingTooth

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2020-12352

Vendor Advisory

Mitigation

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25662

Vendor Advisory

Issue Tracking

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2020-25662

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-25662

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-25662

EUVD