CVE-2020-24490

NameCVE-2020-24490
DescriptionImproper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2420-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2fixed
buster (security)4.19.260-1fixed
bullseye5.10.140-1fixed
bullseye (security)5.10.149-2fixed
bookworm, sid6.0.10-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcestretch4.9.240-1DLA-2420-1
linuxsourcebuster4.19.146-1
linuxsource(unstable)5.7.17-1

Notes

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649
Fixed by: https://git.kernel.org/linus/a2ec905d1e160a33b2e210e45ad30445ef26ce0e (5.8)

Search for package or bug name: Reporting problems