Linus Torvalds released Linux kernel 5.9 this week for public testing. Shortly after the release, Intel's advisory for the high-severity Bluetooth flaw, CVE-2020-12351, recommended updating the Linux kernel to version 5.9 or later.
Updating to Linux 5.10 is recommended
Andy Nguyen, a security engineer at Google, reported the bugs to Intel. Google's security team classified the heap-based type confusion, which affects Linux kernel 4.8 and higher, as a high threat. According to Google researchers, malicious Bluetooth chips can trigger the vulnerability as well.
Intel summarized the flaw, saying “Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure.” BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities. All Linux kernel versions before 5.10 that support BlueZ are affected by the Bluetooth flaw.
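An added example (not from Intel's advisory or the original article) that triages a host against the version range stated above: kernel 4.8 and higher, before 5.10, with the Bluetooth module loaded. The function names are hypothetical, and because distribution kernels may carry backported fixes, an in-range result is a prompt to check the vendor's advisory rather than proof of exposure.

```shell
#!/bin/sh
# Added example: version-range triage for CVE-2020-12351 as described in the article.
# Assumption: the range is "4.8 and higher, before 5.10"; suffixes such as
# -42-generic or -rc1 are ignored, and backported fixes are not detected.

# kernel_in_range RELEASE -> prints below-range | in-range | at-or-above-fix | unparsed
kernel_in_range() {
    rel=${1%%-*}                      # "5.4.0-42-generic" -> "5.4.0"
    case "$rel" in
        *.*) ;;                       # need at least major.minor
        *) echo "unparsed"; return 1 ;;
    esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case "$major$minor" in
        ''|*[!0-9]*) echo "unparsed"; return 1 ;;
    esac
    if [ "$major" -lt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -lt 8 ]; }; then
        echo "below-range"
    elif [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 10 ]; }; then
        echo "in-range"
    else
        echo "at-or-above-fix"
    fi
}

# bluetooth_loaded [MODULES_FILE] -> exit 0 if the bluetooth module is listed.
# A kernel with Bluetooth built in (not modular) will not appear in /proc/modules.
bluetooth_loaded() {
    grep -q '^bluetooth ' "${1:-/proc/modules}" 2>/dev/null
}

# triage RELEASE [MODULES_FILE] -> one-line verdict, always exits 0
triage() {
    state=$(kernel_in_range "$1") || true
    if [ "$state" = "in-range" ] && bluetooth_loaded "$2"; then
        echo "REVIEW: kernel $1 is in the stated range and bluetooth is loaded"
    elif [ "$state" = "in-range" ]; then
        echo "NOTE: kernel $1 is in the stated range; bluetooth module not loaded"
    else
        echo "OK: kernel $1 is $state"
    fi
}

triage "$(uname -r)"
```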
Intel recommends updating the Linux kernel to version 5.10 or later. Linux kernel 5.10 will be the final kernel of 2020. If a kernel upgrade is not possible, Intel recommends instead installing the following kernel fixes to address these issues: