Google, Intel Warn about the ‘Zero-Click’ Kernel Bug in various Linux-based IoT Devices

Linux-based IoT Devices

Google and Intel are urging users to update the Linux kernel to upgraded version 5.9 or later. Intel and Google are warning of a highly severe flaw in BlueZ. This Linux Bluetooth protocol stack provides support for core Bluetooth protocols and layers to Linux-based internet of things (IoT) devices.

As per Google, the vulnerability affects all Linux kernel versions prior to 5.9 that supports BlueZ. BlueZ, which remains an open-source project distributed under GNU General Public License (GPL), flaunts features like the BlueZ kernel as a part of the official Linux kernel since version 2.4.6.

Read More: Security Leaders to Prioritize the Evolving Threat Landscape for the next Five Years

Google calls this flaw “BleedingTooth,” which can be exploited in a “zero-click” attack through specially crafted input by any local, unauthenticated attacker. This could potentially permit for escalated privileges on affected devices.

Source: threatpost