Google has detailed a significant security flaw affecting Linux that allows an attacker to take control of a computer over Bluetooth without any user interaction.
Google has reported a serious security flaw affecting the Bluetooth stack on Linux kernel versions below Linux 5.9 that support BlueZ.
This vulnerability is known as BleedingTooth and affects the Bluetooth subsystem of Linux. If exploited, which as far as is known has not happened so far, it would allow the attacker to execute arbitrary code with kernel privileges. The end user does not even have to do anything for the attack to work, since the flaw can be triggered whenever Bluetooth is enabled.
BlueZ, the software stack that implements the Bluetooth protocols on Linux by default, is present in all types of laptops and Internet of Things (IoT) devices.
Google has demonstrated exploitation of the flaw in the video that accompanies the news, adding that “it is a zero-click Linux Bluetooth remote code execution flaw”. In the video, the attack is reproduced by running commands on an Ubuntu laptop that open the calculator on a second laptop.
Intel stated that “incorrect input validation in BlueZ can allow an unauthenticated user to enable privilege escalation through adjacent access potentially”. Intel recommends updating the Linux kernel to version 5.10 or later.
In any case, exploiting the flaw is not easy, because the attacker must be within Bluetooth range of the victim’s device.
According to Francis Perry of the Google Product Security Event Response Team, an intruder within Bluetooth range who knows the device’s Bluetooth address (bd address) can execute arbitrary code with kernel privileges. BleedingTooth affects Linux kernel versions 5.8 and above but not Linux 5.9 and above.
“A remote attacker knowing the victim’s bd address can send a malicious l2cap packet and cause service refusal or improper coding by kernel rights. Vicious Bluetooth chips can also pose a risk,” Perry wrote.
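
A host triage sketch for the two conditions the article names: Intel's recommendation to run kernel 5.10 or later, and Bluetooth being enabled. This is an added example, not code from Google, Intel or BlueZ. It assumes sysfs is mounted at `/sys`, and the function names are hypothetical. Distribution kernels may carry backported fixes, so a "below" result is a prompt to check the vendor advisory, not proof of exposure.

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.

# kernel_below RELEASE MAJOR MINOR
# returns 0 if RELEASE is older than MAJOR.MINOR, 1 if not, 2 if unparseable
kernel_below() {
    rel=${1%%[!0-9.]*}              # "5.8.0-50-generic" -> "5.8.0"
    case $rel in *.*) ;; *) return 2 ;; esac
    maj=${rel%%.*}
    rest=${rel#*.}
    min=${rest%%.*}
    [ -n "$maj" ] && [ -n "$min" ] || return 2
    [ "$maj" -lt "$2" ] || { [ "$maj" -eq "$2" ] && [ "$min" -lt "$3" ]; }
}

# bt_radios_unblocked SYSROOT
# prints how many rfkill entries of type "bluetooth" are neither soft- nor
# hard-blocked, i.e. radios that can currently receive traffic
bt_radios_unblocked() {
    n=0
    for d in "$1"/class/rfkill/rfkill*; do
        [ -r "$d/type" ] || continue
        [ "$(cat "$d/type")" = bluetooth ] || continue
        [ "$(cat "$d/soft" 2>/dev/null)" = 0 ] || continue
        [ "$(cat "$d/hard" 2>/dev/null)" = 0 ] || continue
        n=$((n + 1))
    done
    echo "$n"
}

# report RELEASE SYSROOT: one-line summary combining both checks
report() {
    rc=0
    kernel_below "$1" 5 10 || rc=$?
    case $rc in
        0) k="older than 5.10, check vendor advisory for a backported fix" ;;
        1) k="5.10 or later" ;;
        *) k="unrecognised release string" ;;
    esac
    echo "kernel $1: $k; unblocked Bluetooth radios: $(bt_radios_unblocked "$2")"
}

report "$(uname -r)" /sys
```

Where the kernel cannot be updated immediately, a non-zero radio count shows which hosts still have the adjacent-range attack surface open.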