Linus Torvalds released Linux kernel 5.9 this week for public testing. Just after the release, Intel's advisory for the high-severity Bluetooth flaw CVE-2020-12351 recommends updating the Linux kernel to version 5.9 or later.
Updating to Linux 5.10 is recommended
Andy Nguyen, a security engineer at Google, reported the bugs to Intel. Google's security team classified the heap-based type confusion, which affects Linux kernel 4.8 and higher, as a high threat. According to Google researchers, malicious Bluetooth chips can trigger the vulnerability as well.
Intel summarized the flaw, saying “Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure.” BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities. All Linux kernel versions before 5.10 that support BlueZ are affected by the Bluetooth flaw.
Intel recommends updating the Linux kernel to version 5.10 or later. Linux kernel 5.10 will be the final kernel release of 2020. If a kernel upgrade is not possible, Intel recommends installing the following kernel fixes instead to address these issues:
https://lore.kernel.org/linux-bluetooth/[email protected]/
https://lore.kernel.org/linux-bluetooth/[email protected]/
https://lore.kernel.org/linux-bluetooth/[email protected]/
https://lore.kernel.org/linux-bluetooth/[email protected]/
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e
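A host triage check for the recommendation above, as an added example that is not part of Intel's advisory or the original article. The function names and the sysfs test for a loaded Bluetooth stack are assumptions of this example; because a kernel older than 5.10 that already carries the listed fixes still reports its old version, the verdict asks for confirmation instead of declaring the host vulnerable.

```shell
#!/bin/sh
# Added example: triage a kernel release string against the advisory's
# "before 5.10" threshold. Function names are hypothetical.

# Print "major minor" for a release such as 5.4.0-42-generic.
# Returns 1 if the string does not start with <digits>.<digits>.
parse_release() {
    case $1 in
        [0-9]*.[0-9]*) ;;
        *) return 1 ;;
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}      # leading digits of the second field
    case $major in *[!0-9]*) return 1 ;; esac
    [ -n "$minor" ] || return 1
    echo "$major $minor"
}

# Exit 0 if before 5.10, 1 if 5.10 or later, 2 if unparsable.
before_5_10() {
    mm=$(parse_release "$1") || return 2
    major=${mm% *}
    minor=${mm#* }
    [ "$major" -lt 5 ] && return 0
    [ "$major" -eq 5 ] && [ "$minor" -lt 10 ] && return 0
    return 1
}

# Assumption of this example: the Bluetooth core is in use if its module
# or device class is visible in sysfs.
bluetooth_loaded() {
    [ -d /sys/module/bluetooth ] || [ -d /sys/class/bluetooth ]
}

# advisory_status RELEASE yes|no -> one-line verdict on stdout.
advisory_status() {
    rc=0
    before_5_10 "$1" || rc=$?
    case "$rc:$2" in
        2:*)   echo "unknown: cannot parse '$1'" ;;
        1:*)   echo "ok: $1 is 5.10 or later" ;;
        0:yes) echo "review: $1 is before 5.10 with Bluetooth loaded; upgrade or confirm the fixes are applied" ;;
        0:*)   echo "note: $1 is before 5.10; Bluetooth is not currently loaded" ;;
    esac
}

if bluetooth_loaded; then bt=yes; else bt=no; fi
advisory_status "$(uname -r)" "$bt"
```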