Vulnerability Name: | CVE-2020-25662 (CCN-191227) |
Assigned: | 2020-11-03 |
Published: | 2020-11-03 |
Updated: | 2023-02-12 |
Summary: | A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. |
CVSS v3 Severity: | 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) 4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Adjacent Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): None Availibility (A): None | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) 4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Adjacent Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): None Availibility (A): None | 5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) 4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Adjacent Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): None Availibility (A): None |
|
CVSS v2 Severity: | 3.3 Low (CVSS v2 Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N)Exploitability Metrics: | Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): Partial Integrity (I): None Availibility (A): None | 4.6 Medium (CCN CVSS v2 Vector: AV:A/AC:H/Au:N/C:C/I:N/A:N)Exploitability Metrics: | Access Vector (AV): Adjacent_Network Access Complexity (AC): High Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Complete Integrity (I): None Availibility (A): None |
|
Vulnerability Type: | CWE-665
|
Vulnerability Consequences: | Obtain Information |
References: | Source: MITRE Type: CNA CVE-2020-25662
Source: CCN Type: Red Hat Web site CVE-2020-12352
Source: secalert@redhat.com Type: Mitigation, Vendor Advisory secalert@redhat.com
Source: secalert@redhat.com Type: Vendor Advisory secalert@redhat.com
Source: CCN Type: Red Hat Bugzilla - Bug 1891484 (CVE-2020-25662) - CVE-2020-25662 kernel: Red Hat only CVE-2020-12352 regression
Source: secalert@redhat.com Type: Issue Tracking, Mitigation, Vendor Advisory secalert@redhat.com
Source: XF Type: UNKNOWN redhat-cve202025662-info-disc(191227)
|
Vulnerable Configuration: | Configuration RedHat 1: cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*Configuration RedHat 2: cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*Configuration RedHat 5: cpe:/a:redhat:enterprise_linux:8::nfv:*:*:*:*:*Configuration RedHat 6: cpe:/a:redhat:enterprise_linux:8::realtime:*:*:*:*:* Configuration CCN 1: cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*OR cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Denotes that component is vulnerable |
Oval Definitions |
|
BACK |