Google and Intel warn of high-severity Bluetooth security bug in Linux

While a Google researcher said the bug allows seamless code execution by attackers within Bluetooth range, Intel is characterizing the flaw as providing an escalation of privileges or the disclosure of information.The flaw resides in BlueZ, the software stack that by default implements all Bluetooth core protocols and layers for Linux. It works with Linux versions 2.4.6 and later.So far, little is known about BleedingTooth, the name given by Google engineer Andy Nguyen, who said that a blog post will be published “soon.” A Twitter thread and a YouTube video provide the most detail and give the impression that the bug provides a reliable way for nearby attackers to execute malicious code of their choice on vulnerable Linux devices that use BlueZ for Bluetooth.Further ReadingBillions of devices imperiled by new clickless Bluetooth attack“BleedingTooth is a set of zero-click vulnerabilities in the Linux Bluetooth subsystem that can allow an unauthenticated remote attacker in short distance to execute arbitrary code with kernel privileges on vulnerable devices,” the researcher wrote. He said his discovery was inspired by research that led to BlueBorne, another proof-of-concept exploit that allowed attackers to send commands of their choice without requiring device users click any links, connect to a rogue Bluetooth device, or take any other action short of having Bluetooth turned on.BleedingTooth is a set of zero-click vulnerabilities in the Linux Bluetooth subsystem that can allow an unauthenticated remote attacker in short distance to execute arbitrary code with kernel privileges on vulnerable devices.Below is the YouTube video demonstrating how the exploit works.Intel, meanwhile, has issued this bare-bones advisory that categorizes the flaw as privilege-escalation or information-disclosure vulnerability.