vulnerability
Arch Linux: Information disclosure (CVE-2020-12352)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:A/AC:L/Au:N/C:P/I:N/A:N) | Nov 23, 2020 | Jul 11, 2025 | Nov 27, 2025 |
Severity
3
CVSS
(AV:A/AC:L/Au:N/C:P/I:N/A:N)
Published
Nov 23, 2020
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.
Solution
arch-linux-upgrade-latest
References
- CVE-2020-12352
- https://attackerkb.com/topics/CVE-2020-12352
- URL-http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
- URL-http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html
- URL-https://security.archlinux.org/ASA-202010-2
- URL-https://security.archlinux.org/ASA-202010-3
- URL-https://security.archlinux.org/ASA-202010-4
- URL-https://security.archlinux.org/ASA-202010-9
- URL-https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
- URL-https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351
- CWE-909
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.