CVE-2020-25662
MEDIUM
Red Hat Enterprise Linux - Information Disclosure via Bluetooth AMP Packet Handling
Title source: llm
Description
A Red Hat-only regression of CVE-2020-12352 was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.
References (3)
Core References
Mitigation, Vendor Advisory
https://access.redhat.com/security/cve/CVE-2020-12352
Vendor Advisory
https://access.redhat.com/security/vulnerabilities/BleedingTooth
Issue Tracking, Mitigation, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25662
Scores
CVSS v3
5.3
EPSS
0.0118
EPSS Percentile
63.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-284
CWE-665
Status
published
Products (1)
redhat/enterprise_linux
8.3
Published
Nov 05, 2020
Tracked Since
Feb 18, 2026