A flaw was found in the Linux kernel's implementation of Logical Link Control and Adaptation Protocol (L2CAP), part of the Bluetooth stack. An attacker, within the range of standard Bluetooth transmissions, can create and send a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | kernel | 2019-05-02 17:22 | ALAS-2019-1201 |
Amazon Linux 2 - Core | kernel | 2019-05-02 18:45 | ALAS2-2019-1201 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
NVD | CVSSv2 | 3.3 | AV:A/AC:L/Au:N/C:P/I:N/A:N |
NVD | CVSSv3 | 6.5 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |