SB2020081274 - Multiple vulnerabilities in Intel® Wireless Bluetooth® devices

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Race condition (CVE-ID: CVE-2020-0554)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in software installer for Windows systems. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

2) Input validation error (CVE-ID: CVE-2020-0555)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a improper input validation. A local user can run a specially crafted application to escalate privileges on the system.

3) Out-of-bounds read (CVE-ID: CVE-2020-0553)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.

4) Input validation error (CVE-ID: CVE-2019-14620)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a improper input validation. A remote attacker with physical proximity to the system can send specially crafted Bluetooth packets and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00337.html