Google, which has given the flaws it has reported the collective name BleedingTooth, says in one case kernels from 4.8 upwards are susceptible to a heap-based type confusion, the severity of which it says is high.
They are now claiming you need a 5.10 kernel or newer to solve this. 5.10 will be released at the end of December, 2020. Intel knows better, and knows how to do this properly, this feels malicious at this point... https://t.co/BJ6ti0yTyw
— Greg K-H (@gregkh) October 15, 2020
One of its employees, Andy Nguyen, described the vulnerabilities this way: "BleedingTooth is a set of zero-click vulnerabilities in the Linux Bluetooth subsystem that can allow an unauthenticated remote attacker in short distance to execute arbitrary code with kernel privileges on vulnerable devices."
The Linux Bluetooth stack is known as BlueZ. The Android mobile operating system uses a modified Linux kernel, but the Bluetooth stack it uses is not affected by these flaws.
BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
Blog post available soon on: https://t.co/2SDRm6PZaQ
Google Security Research Repository: https://t.co/0HolidyWvV
Intel Security Advisory: https://t.co/kfGj3MWajy
— Andy Nguyen (@theflow0) October 13, 2020
Google also provided proof-of-concept code for this flaw, and researcher Francis Perron said he had used the code to demonstrate a kernel panic on Ubuntu 20.04 LTS.
Nguyen has released a short video showing the execution of remote code to take advantage of these flaws, adding that more details would be published later.
Intel's advisory also listed the three flaws and offered fixes.