CVE-2019-3460

Public on 2019-05-02
Modified on 2019-05-06
Description
A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.
Severity
Medium
CVSS v3 Base Score
5.3
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 kernel 2019-05-02 18:45 ALAS2-2019-1201
Amazon Linux 1 kernel 2019-05-02 17:22 ALAS-2019-1201

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
NVD CVSSv2 3.3 AV:A/AC:L/Au:N/C:P/I:N/A:N
NVD CVSSv3 6.5 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N