---

Ubuntu and Debian Get Patches for Bluetooth Remote Code Execution Flaws, Update Now

Discovered by security researcher Andy Nguyen in Linux kernel’s Bluetooth L2CAP and Bluetooth A2MP implementation, as well as the Bluetooth HCI event packet parser, the CVE-2020-12351, CVE-2020-12352, and CVE-2020-24490 vulnerabilities are affecting Debian GNU/Linux 10, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. While CVE-2020-12351 and CVE-2020-24490 could allow a physically proximate remote attacker to crash the system by causing a denial of service or execute arbitrary code, CVE-2020-12352 let physically proximate remote attackers to expose sensitive information (kernel memory).