{"vulnerability": "CVE-2020-24490", "sightings": [{"uuid": "b3587dd6-0c82-4453-ac6f-cc3ca03f9056", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24490", "type": "seen", "source": "https://t.me/novitoll_ch/105", "content": "https://youtu.be/iEByzdTp-44\n\n\u0420\u0430\u0437\u043e\u0431\u0440\u0430\u043b CVE-2020-12352 (stack leak \u0432 struct a2mp_info_rsp),  CVE-2020-12351 (heap-based type confusion \u0432  sk_filter(struct amp_mgr data)),  \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u043b, \u0447\u0442\u043e \u0443 \u043c\u0435\u043d\u044f \u0441 Bluetooth 4.1  \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 CVE-2020-24490, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u0430\u043b\u0438\u0434\u0435\u043d  \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f Bluetooth 5 chip + \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u0441\u043b\u0443\u0448\u0430\u043d\u0438\u044f. \n\n\u041d\u0430 \u0441\u043b\u0435\u0434 \u0440\u0430\u0437 \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043b\u044e Ubuntu 20.04 + KASAN, \u043f\u043e\u0442\u043e\u043c\u0443 \u0447\u0442\u043e \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043d\u0435 \u0437\u0430\u0432\u0435\u043b\u0441\u044f \u043f\u043e\u0447\u0435\u043c\u0443-\u0442\u043e, \u043c\u0431 BusyBox \u0434\u0430\u0436\u0435 \u043b\u0443\u0447\u0448\u0435 \u0431\u0443\u0434\u0435\u0442.  \u0418 \u0435\u0449\u0435 \u0431\u044b \u0441\u0442\u0430\u0442\u044c\u044e \u043d\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u0447\u0442\u043e \u043b\u0438 \u0434\u043b\u044f \u0430\u043d\u0433\u043b\u043e\u043f\u0443\u0431\u043b\u0438\u043a\u0438. Stay tuned ^_^", "creation_timestamp": "2020-10-17T21:21:58.000000Z"}, {"uuid": "d990ef50-f691-40af-bddb-4526658af6f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24490", "type": "seen", "source": "https://t.me/arpsyndicate/109", "content": "#ExploitObserverAlert\n\nCVE-2020-24490\n\nDESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-24490. Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.\n\nFIRST-EPSS: 0.000620000\nNVD-IS: 3.6\nNVD-ES: 2.8", "creation_timestamp": "2023-11-12T02:58:30.000000Z"}, {"uuid": "b7bff6e9-2b75-44e4-a897-8a27c6c3e427", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24490", "type": "seen", "source": "https://t.me/cibsecurity/22980", "content": "\u203c CVE-2020-24490 \u203c\n\nImproper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-03T00:55:46.000000Z"}, {"uuid": "c16d01ef-4c63-4894-b202-121f3bb84804", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24490", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1918", "content": "#WLAN_Security\nBleedingTooth:\nVulnerabilities in Linux Bluetooth Allow 0-Click Attacks:\n1. CVE-2020-12351.\nHeap-Based Type Confusion in L2CAP:\nhttps://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq\n2. CVE-2020-12352.\nBadChoice - Stack-Based Infoleak in A2MP:\nhttps://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq\n3. CVE-2020-24490.\nHeap-Based Buffer Overflow in HCI event packet parser:\nhttps://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649", "creation_timestamp": "2024-07-19T19:59:44.000000Z"}, {"uuid": "a2fe9753-e044-4a7e-bf95-e52201ab4547", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24490", "type": "seen", "source": "https://t.me/SecLabNews/9073", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c \u0441\u0442\u0435\u043a\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 Bluetooth \u0432 \u044f\u0434\u0440\u0435 Linux (CVE-2020-12351, CVE-2020-12352 \u0438 CVE-2020-24490), \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0435 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 BleedingTooth, \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.     \n\ufeff\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0442\u0435\u043a\u0435 Bluetooth \u0434\u043b\u044f Linux \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u0430\u0442\u0430\u043a\u0438 zero-click", "creation_timestamp": "2020-10-15T10:10:02.000000Z"}]}