BleedingTooth, vulnerability in the Linux kernel that allows code to be executed through Bluetooth

Pablinux

2 minutes

Bleedingtooth

It is a fact that there is no such thing as the perfect operating system or software. Linux users tend to be calm because we think that we are working on an operating system that is difficult to violate, but from time to time news like today's come out. Specifically, we are talking about a vulnerability in the linux kernel that they have baptized as Bleedingtooth, name that modifies the «blue tooth» of the protocol to leave it in «bleeding tooth».

It was Andy Nguyen, a Google engineer, who has sounded the alarm. Nguyen has found a new vulnerability in Linux kernel running on BlueZ, a software related to the Bluetooth Stack. According to the engineer, a close user could execute code at the superuser (root) level, as we can see in the video that you have below these lines.

BleedingTooth, attracts attention, but not very dangerous

What Nguyen has discovered is that the vulnerability allows any hacker who is close to the action range of Bluetooth, which is about 10m, get root access to computers or devices using BlueZ. Many Internet of Things (IoT) devices use BlueZ to allow us to communicate with our devices. Intel, one of the main players in the group behind BlueZ, has announced that it is important to mention that the vulnerability is a flaw that provides privilege escalation or information disclosure.

Because the discovery is recent, little else is known about BleedingTooth at the moment, but the BlueZ team has already released a patch to address the problem and it is available for developers to implement in their software. On the other hand, Intel has released a statement on its website notifying of the existence of the problem, labeling the severity of the threat as high.

Still, not much to worry about. The hacker should be within 10m of our team and know it to be able to connect to it and exploit the vulnerability. In addition, for a flaw that affects Linux, it is a matter of days before the patch reaches most of the major distributions.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   devuanitaferoz said
    ago 4 years

    vulnerability in the Linux kernel »
    Well, I think the vulnerability IS NOT FROM THE KERNEL nor does it have to do with Torvalds, BlueZ is a software that consists of a series of modules and libraries that can be installed in the kernel with the bluez-utils and bluez-firmware packages, developed by the team of http://www.bluez.org and it is they who have to fix the problem and in fact they have released the patch,
    That affects Linux users who have these packages installed, on computers and equipment that have a Bluetooth device on their hardware and are running that module, well, yes, but that's something else.

    Reply to devuanitaferoz
  2.   Ajax said
    ago 4 years

    As a regular Linux user I have never believed that the Penguin's OS is more secure than any other. Not even that MS Windows. It just has a market share that doesn't make it too appetizing. If it were used by 90% of the people, things would look very different. It is the only advantage that I see in your status quo.

    Reply to Ajax