There is a present safety warning for the Linux Kernel (Bluetooth). Several dangers have been recognized. Here you’ll find out what threatens the IT safety of UNIX techniques, how excessive the danger stage is and what to do about it.
Federal workplace for Security in Information Technology (BSI) has issued a safety advisory for Linux kernel (Bluetooth) on May 22, 2024. The software program incorporates a number of vulnerabilities that may be exploited by attackers. The safety vulnerability impacts the UNIX working system and the Open Source Linux Kernel product.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: Linux CVE announcement CVE-2024-36013 (From 23 May 2024). Some helpful sources are listed later on this article.
Several Linux Kernel (Bluetooth) vulnerabilities have been reported – Risk: average
Risk stage: 2 (average)
CVSS Base Score: 5.9
CVSS interim rating: 5,2
Remote assault: No
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop techniques. The CVSS commonplace makes it doable to check potential or precise safety dangers based mostly on varied standards to create a precedence checklist for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. Temporal scores additionally take note of adjustments over time within the danger scenario. The severity of the vulnerability talked about right here is assessed as “average” in response to the CVSS with a base rating of 5.9.
Linux Kernel (Bluetooth) Bug: Implications for IT assaults
The kernel represents the core of the Linux working system.
A neighborhood attacker can exploit a number of vulnerabilities within the Bluetooth part of the Linux kernel to carry out a denial of service assault or carry out an unspecified assault.
Vulnerabilities are recognized by distinctive CVE (Common Vulnerabilities and Exposures) product numbers. CVE-2024-36011, CVE-2024-36012 and CVE-2024-36013 on the market.
Systems affected by the safety hole at a look
working system
UNIX
Products
Open Source Linux Kernel Open Source Linux Kernel Open Source Linux Kernel Open Source Linux Kernel
General steps for coping with IT vulnerabilities
- Users of affected techniques ought to keep up-to-date. When safety holes are recognized, producers are required to repair them shortly by growing a patch or workaround. If safety patches can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This usually incorporates extra details about the newest model of the software program in query and the supply of safety patches or efficiency suggestions.
- If you may have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to verify each time a producing firm makes a brand new safety replace obtainable.
Sources for updates, patches and workarounds
Here you can see some hyperlinks with details about bug studies, safety fixes and workarounds.
Linux CVE announcement CVE-2024-36013 vom 2024-05-23 (22.05.2024)
For extra data, see:
Linux CVE announcement CVE-2024-36012 vom 2024-05-23 (22.05.2024)
For extra data, see:
Linux CVE announcement CVE-2024-36011 vom 2024-05-23 (22.05.2024)
For extra data, see:
Version historical past of this safety alert
This is the primary model of this IT safety discover for Linux Kernel (Bluetooth). If updates are introduced, this doc shall be up to date. You can examine adjustments or additions on this model historical past.
May 22, 2024 – First model
+++ Editorial notice: This doc is predicated on present BSI knowledge and shall be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you can see scorching information, present movies and a direct line to the editorial staff.
kns/roj/information.de