CVE-2019-3460

Public on 2019-04-11
Modified on 2019-05-06
Description
A flaw was found in the Linux kernel's implementation of the Logical Link Control and Adaptation Protocol (L2CAP), part of the Bluetooth stack, in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker physically within range of standard Bluetooth transmission can create a specially crafted packet. The response to this packet can contain part of the kernel stack, which can be used in a further attack.
Severity
Medium
CVSS v3 Base Score
5.3

Affected Packages

| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | kernel | 2019-05-02 | ALAS-2019-1201 | Fixed |
| Amazon Linux 2 - Core | kernel | 2019-05-02 | ALAS2-2019-1201 | Fixed |

CVSS Scores

| Source | Score Type | Score | Vector |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| NVD | CVSSv2 | 3.3 | AV:A/AC:L/Au:N/C:P/I:N/A:N |
| NVD | CVSSv3 | 6.5 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |