BleedingTooth
What is BleedingTooth?
A 2020 set of Linux BlueZ Bluetooth vulnerabilities, headlined by CVE-2020-12351, that permitted zero-click remote code execution on vulnerable Linux hosts.
BleedingTooth is the name Google researcher Andy Nguyen gave in October 2020 to a trio of flaws in the BlueZ Bluetooth stack used by Linux. The most severe, CVE-2020-12351 (CVSS 8.3), was a heap-based type-confusion in L2CAP that allowed an unauthenticated attacker within Bluetooth range to gain kernel code execution with no user interaction, as long as the target was discoverable and Bluetooth Classic was active. The related CVE-2020-12352 leaked stack memory, and CVE-2020-24490 corrupted heap memory via crafted advertising frames in Bluetooth Low Energy. Intel and the Linux kernel maintainers released patches in October 2020. BleedingTooth highlighted the systemic risk of the BlueZ stack in IoT and embedded Linux deployments.
● Examples
- 01
Google PoC in October 2020 demonstrating kernel RCE on Ubuntu via CVE-2020-12351.
- 02
CVE-2020-24490 affecting Bluetooth Low Energy advertising in the BlueZ stack.
● Frequently asked questions
What is BleedingTooth?
A 2020 set of Linux BlueZ Bluetooth vulnerabilities, headlined by CVE-2020-12351, that permitted zero-click remote code execution on vulnerable Linux hosts. It belongs to the Attacks & Threats category of cybersecurity.
What does BleedingTooth mean?
A 2020 set of Linux BlueZ Bluetooth vulnerabilities, headlined by CVE-2020-12351, that permitted zero-click remote code execution on vulnerable Linux hosts.
How does BleedingTooth work?
BleedingTooth is the name Google researcher Andy Nguyen gave in October 2020 to a trio of flaws in the BlueZ Bluetooth stack used by Linux. The most severe, CVE-2020-12351 (CVSS 8.3), was a heap-based type-confusion in L2CAP that allowed an unauthenticated attacker within Bluetooth range to gain kernel code execution with no user interaction, as long as the target was discoverable and Bluetooth Classic was active. The related CVE-2020-12352 leaked stack memory, and CVE-2020-24490 corrupted heap memory via crafted advertising frames in Bluetooth Low Energy. Intel and the Linux kernel maintainers released patches in October 2020. BleedingTooth highlighted the systemic risk of the BlueZ stack in IoT and embedded Linux deployments.
How do you defend against BleedingTooth?
Defences for BleedingTooth combine technical controls and operational practices: apply the October 2020 Linux kernel and BlueZ patches, and reduce exposure by keeping hosts non-discoverable and disabling Bluetooth Classic where it is not needed, since the zero-click path described above requires the target to be discoverable with Bluetooth Classic active.
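The following is an added example, not code from the page or from BlueZ: a defender-side exposure check for the precondition named above (a powered, discoverable adapter). It parses the `Powered:` and `Discoverable:` lines that `bluetoothctl show` prints; the two sample outputs are constructed stand-ins for that command's output, and the function names are this example's own. The kernel patch-level check is left out because the page gives no fixed version numbers.

```shell
# Added example (not from the glossary page or BlueZ): flag adapters that are
# powered and discoverable, the state BleedingTooth's zero-click path needs.

# Constructed stand-ins for `bluetoothctl show` output.
SAMPLE_EXPOSED='Controller AA:BB:CC:DD:EE:FF (public)
    Name: demo-host
    Powered: yes
    Discoverable: yes
    Pairable: yes'

SAMPLE_SAFE='Controller AA:BB:CC:DD:EE:FF (public)
    Name: demo-host
    Powered: yes
    Discoverable: no
    Pairable: no'

# bt_field "<show output>" <Field>: print the value (yes/no) of the named field.
bt_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# bt_exposed "<show output>": exit 0 when the adapter is powered AND
# discoverable (exposed), 1 otherwise.
bt_exposed() {
    [ "$(bt_field "$1" Powered)" = yes ] && [ "$(bt_field "$1" Discoverable)" = yes ]
}

# bt_exposure_report "<show output>": one-line verdict suitable for a log.
bt_exposure_report() {
    if bt_exposed "$1"; then
        echo "EXPOSED: adapter powered and discoverable"
    else
        echo "OK: adapter not discoverable (or powered off)"
    fi
}

# Live use on a host with bluez installed (uncomment to run against the real adapter):
# bt_exposure_report "$(bluetoothctl show)"
# Remediation when exposed:  bluetoothctl discoverable off
```

Run it as a periodic compliance check (cron or a config-management task) and alert on the `EXPOSED` verdict; the same parsing approach extends to the `Pairable:` line if pairing should also be off by policy.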
What are other names for BleedingTooth?
Common alternative names include: BlueZ vulnerabilities, Linux Bluetooth zero-click.
● Related terms
- attacks, № 111
BlueBorne
A 2017 set of Bluetooth vulnerabilities discovered by Armis that allowed remote code execution and man-in-the-middle attacks on Android, iOS, Linux, and Windows.
- attacks, № 121
BrakTooth
A 2021 family of 16+ Bluetooth Classic vulnerabilities in commercial SoCs disclosed by researchers at the Singapore University of Technology and Design.
- ot-iot, № 552
IoT Security
The discipline of protecting Internet-of-Things devices, gateways, networks, and cloud services from compromise, given their scale, constrained resources, and long lifetimes.