Bluetooth Vulnerability in Linux kernel allows nearby hackers to execute code

Google engineer Andy Nguyen is reporting via a Twitter thread that a new security vulnerability has been found in Linux operating systems that run a Bluetooth software stack called BlueZ. Nguyen has named the vulnerability BleedingTooth and claims in his Twitter post that the vulnerability allows nearby hackers to conduct zero-click root-level code execution.

Linux is an OS very almost like Unix—it became popular over a decade ago as a search and academic tool thanks to its open-source licensing and 0 cost. in additional recent years, it’s been wont to create dedicated applications—NASA uses it for several of its space applications, for instance . it’s also become popular for companies making Internet-of-Things (IoT) devices because it allows them to avoid royalty fees.

In this new effort, Nguyen has found a vulnerability that permits hackers within the range of a Bluetooth signal to realize root access to computers or devices running BlueZ. Notably, many IoT devices use BlueZ to permit users to speak with their devices. Intel, a serious backer of the group behind BlueZ, has announced that it’s characterizing the vulnerability as a flaw that gives an escalation of privileges or the disclosure of data .

Because it’s still a replacement discovery, little is understood about the vulnerability—still, the team at BlueZ has released a patch for it and made it freely available. Also, Intel has issued an advisory on its website , noting that the severity has been classified as high.

Despite the severity of the vulnerability, it’s not considered to be something that the user community should worry about. A hacker would need to gain access to a building housing such a tool or computer and have the required knowledge and equipment to require advantage of things . And there would even be the difficulty of motive—not many hackers have an interest in taking up an IoT coffeepot sitting on someone’s kitchen counter. like many computer vulnerabilities, those most in danger are those that work with very sensitive or valuable information.