from Hacker News

BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution

by raimue on 10/14/20, 10:08 PM with 5 comments

• by Liskni_si on 10/15/20, 9:23 AM

  Note that Intel's advisory has since been corrected to say "All Linux kernel versions before 5.10 that support BlueZ" are affected. The fix is not in 5.9 nor any stable, so this is essentially a 0day.

  For more details, see https://lwn.net/Articles/834325/ and other comments on the LWN article.

  (other HN posting of this article here: https://news.ycombinator.com/item?id=24779230)

• by kanox on 10/15/20, 8:00 AM

  Is there even a good reason for bluetooth support to be implemented inside the kernel?

• by joana035 on 10/15/20, 3:02 PM

  Worth noting the fix has been sent to linux-next instead and distros were not informed: https://twitter.com/mjg59/status/1316484882877435904

• by heeen2 on 10/15/20, 9:37 PM

  This seems like the kind of bug that makes mrrobot episodes seem plausible