It has always been said that Linux was much more secure than macOS and Windows. However, the absence of malware is not because it is a secure system, but rather that hackers were not worth developing malware for it. Proof of this is that, as soon as this OS has raised interest, very serious security flaws have begun to appear that endanger the security of the users who bet on it. And one of the latest security flaws to put Linux users at great risk is BleedingTooth.
What is BleedingTooth?
BleedingTooth is one of the worst vulnerabilities discovered for Linux. This security flaw has been discovered by a Google researcher, and is found in the BlueZ protocol stack of the Linux kernel, the protocols used to control Bluetooth connections. The vulnerability is present in all versions of the Kernel, from 4.8 onwards, it has been registered as CVE-2020-12351 and has obtained a dangerous score of 8.3 out of 10.
This security flaw can allow an attacker to remotely execute code on any vulnerable PC without clicking on it. Of course, being by Bluetooth, it must be at a relatively close distance.
Google researchers define this vulnerability as “Heap-Based Type Confusion in L2CAP”. Although no malware has yet been found that exploits it, there is already a PoC (proof of concept) that will be available very soon on GitHub.
Secure Linux Kernel Versions
Being a kernel failure, it does not depend on one distribution or another to be sure. In order to protect ourselves and avoid being hacked by Bluetooth, what we must do is install a version that already has the corresponding patches.
Last week, Linus Torvalds released version 5.9 of the Linux kernel. This version is still vulnerable. However, an update has already been released this weekend that protects us. Therefore, the latest version 5.9.1 of the Linux kernel is safe.
Unfortunately, not all users can afford to be with the latest kernel. If we have an older version of the Kernel, which is still supported, we will have an update available to protect our BleedingTooth distro. These safe and secure versions are:
- 5.8.16
- 5.4.72
- 4.19.152
- 4.14.202
- 4.9.240
Any of these versions is safe, so we must make sure that our distro uses one of them. Furthermore, as this vulnerability was introduced in version 4.8 of the Kernel, previous versions that are still supported, such as 4.4.240, will also allow us to be safe.
Should I be concerned about BleedingTooth?
The truth is that this is one of the worst vulnerabilities ever discovered for Linux . However, it is not a flaw that can be exploited remotely over the Internet, but rather, to be a problem, it is necessary that the attacker be within 10 meters of the victim, within Bluetooth range. If it is not, this vulnerability cannot be exploited.
Therefore, it can only be a danger if we do not have our Linux updated, and we usually use the PC around other people, for example, in stations, airports or bars. If we only use Linux at home, it is rare, and complicated, that they can endanger our PC.
