An information leak flaw was found in the way Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP (Alternate MAC-PHY Manager Protocol) packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | kernel | 2020-11-14 01:22 | ALAS-2020-1446 |
Amazon Linux 2 - Core | kernel | 2020-11-09 17:10 | ALAS2-2020-1556 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 5.3 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
NVD | CVSSv3 | 6.5 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
NVD | CVSSv2 | 3.3 | AV:A/AC:L/Au:N/C:P/I:N/A:N |