Well, this kernel Bluetooth exploit is depressing


Postby stevepusser » 2020-10-15 19:06

It's rated as "high" by Intel:

https://security-tracker.debian.org/tra ... 2020-12351

We were just about ready to release MX 19.3, but now are going to wait until the patches land in Debian and we can backport the fixed kernel as needed. I guess we need to turn off the BT adapters if you're seeing some evil haxxor within 10 meters.
MX Linux packager and developer
stevepusser
 
Posts: 12061
Joined: 2009-10-06 05:53

Re: Well, this kernel Bluetooth exploit is depressing

Postby Head_on_a_Stick » 2020-10-15 19:19

Code:
tee /etc/modprobe.d/bluetooth.conf <<!
blacklist btusb
blacklist btrtl
blacklist btbcm
blacklist btintel
blacklist bluetooth
!

^ Run that from a root prompt (or prepend the tee command with sudo) to prevent any Bluetooth kernel modules from loading.

Double check for any stray modules to add to that list with
Code:
/sbin/lsmod | grep blue

If you are fortunate enough to own a ThinkPad then just disable the hardware from the firmware ("BIOS") options.
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
Head_on_a_Stick
 
Posts: 12612
Joined: 2014-06-01 17:46
Location: /dev/chair
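
An added example, not part of the thread: `grep blue` also matches modules the Bluetooth core merely depends on (such as rfkill) and shows dependents like bnep only inside the bluetooth row, so this script reads that row's "Used by" column and reports loaded Bluetooth modules that have no blacklist line. The function name, file names and lsmod sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# unlisted_bt_modules CONF LSMOD_TXT
# Prints loaded Bluetooth modules that have no "blacklist" line in CONF.
# "Bluetooth modules" = the bluetooth core plus every module named in the
# "Used by" column of its lsmod row.
unlisted_bt_modules() {
    awk '
        FILENAME == ARGV[1] {
            if ($1 == "blacklist" && $2 != "") {
                m = $2; gsub(/-/, "_", m)   # modprobe treats - and _ alike
                listed[m] = 1
            }
            next
        }
        $1 == "bluetooth" {
            n = split($1 "," $4, mod, ",")
            for (i = 1; i <= n; i++)
                if (mod[i] != "" && !(mod[i] in listed)) print mod[i]
        }
    ' "$1" "$2" | sort
}

# Constructed sample: the blacklist from the post, and lsmod output in which
# two further modules (bnep, rfcomm) also use the bluetooth core.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/bluetooth.conf" <<'EOF'
blacklist btusb
blacklist btrtl
blacklist btbcm
blacklist btintel
blacklist bluetooth
EOF
cat > "$sample_dir/lsmod.txt" <<'EOF'
Module                  Size  Used by
rfcomm                 90112  4
bnep                   28672  2
btusb                  57344  0
btrtl                  24576  1 btusb
bluetooth             655360  31 btrtl,btintel,btbcm,bnep,btusb,rfcomm
ecdh_generic           16384  1 bluetooth
rfkill                 28672  3 bluetooth
EOF

# On a live system: /sbin/lsmod > lsmod.txt and pass the real conf file.
unlisted_bt_modules "$sample_dir/bluetooth.conf" "$sample_dir/lsmod.txt"
```

A `blacklist` line only stops alias-triggered autoloading and does not unload modules that are already loaded, so rerun the check against fresh `lsmod` output after a reboot.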

Re: Well, this kernel Bluetooth exploit is depressing

Postby sgosnell » 2020-10-15 19:22

You may have to wait awhile. According to the Intel site, the bug affects every kernel version prior to 5.10, and AFAIK there isn't even a release candidate for that yet. Even if a decision is made to patch every kernel in existence, which might or might not happen, it will take time to get all that done. I just won't allow any hackers inside my house for now. I don't allow anyone in anyway, hackers or not, except my son and his family, who I'm sure is quarantining because of his health issues. But just to make sure, I might keep the bluetooth disabled anyway. 8)
Take my advice, I'm not using it.
sgosnell
 
Posts: 838
Joined: 2011-03-14 01:49

Re: Well, this kernel Bluetooth exploit is depressing

Postby stevepusser » 2020-10-15 20:43

Head_on_a_Stick wrote:
Code:
tee /etc/modprobe.d/bluetooth.conf <<!
blacklist btusb
blacklist btrtl
blacklist btbcm
blacklist btintel
blacklist bluetooth
!

^ Run that from a root prompt (or prepend the tee command with sudo) to prevent any Bluetooth kernel modules from loading.

Double check for any stray modules to add to that list with
Code:
/sbin/lsmod | grep blue

If you are fortunate enough to own a ThinkPad then just disable the hardware from the firmware ("BIOS") options.


That seems like a pain if I can just turn the adapter off with Blueman or tlp...can a l33t haxxor turn it on remotely if it's not even receiving? Hmmm-- this 95 yr old guy sitting near me could be a haxxor in a Mission Impossible latex mask. I should clock him one just to be safe.

I thought the flaw was in kernels before 5.9. Debian has a 5.9~rc8 kernel in Experimental, which is supposed to be the same as the final release except for the versioning. I backported it for Buster a few days ago just to see if I could build it, but haven't installed it and tested any DKMS builds with it yet. I was waiting for Debian to do a final version before doing that.

Re: Well, this kernel Bluetooth exploit is depressing

Postby sgosnell » 2020-10-15 21:50

All I know is what the Intel site said.
Affected Products:

All Linux kernel versions before 5.10 that support BlueZ.

Re: Well, this kernel Bluetooth exploit is depressing

Postby stevepusser » 2020-10-15 23:00

I can't find anything about 5.10 in this link: https://www.intel.com/content/www/us/en ... 00435.html

Can you give me your link?

Edit: Ah, I see they removed any kernel version in 1.1, implying that it's any kernel that has the BlueZ stack.

Re: Well, this kernel Bluetooth exploit is depressing

Postby Head_on_a_Stick » 2020-10-16 14:03

stevepusser wrote:
That seems like a pain if I can just turn the adapter off with Blueman or tlp

Well copy&pasting my code block should work fine and the method is universal and doesn't require extra packages.

Re: Well, this kernel Bluetooth exploit is depressing

Postby sgosnell » 2020-10-16 14:52

The quote was from here, https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
That page has been modified as of 10/15 and the reference to kernel version numbers deleted.
Revision History
Revision Date Description
1.0 10/13/2020 Initial Release
1.1 10/15/2020 Removed reference to Linux kernel version

Now it just says all kernels that support BlueZ. The link is down the page of the link in the OP.

Re: Well, this kernel Bluetooth exploit is depressing

Postby metreo » 2020-10-16 16:09

Meta-comment: Bluetooth has never been secure and shouldn't ever be assumed to be secure even with the latest patched
metreo
 
Posts: 20
Joined: 2020-10-08 19:15

Re: Well, this kernel Bluetooth exploit is depressing

Postby Head_on_a_Stick » 2020-10-16 19:38

^ +1

Re: Well, this kernel Bluetooth exploit is depressing

Postby stevepusser » 2020-10-17 20:18

The page now says a 5.9.1-1 kernel on the way to Sid repos fixes the issue, but it's not appearing in the repos I'm scanning yet. I presume that earlier kernels are now also getting patches and rebuilds. (crosses fingers, spits over left shoulder, avoids black cats)

Re: Well, this kernel Bluetooth exploit is depressing

Postby stevepusser » 2020-10-17 20:58

Does this page mean that Ubuntu "fixed it" just by disabling Bluetooth in the kernel config? Yikes!

https://people.canonical.com/~ubuntu-se ... 12351.html

Re: Well, this kernel Bluetooth exploit is depressing

Postby sgosnell » 2020-10-18 00:52

I'm not sure the "unstable" reference on the bug page is to Sid, Debian Unstable. The latest kernel in Experimental is still 5.9.0-rc8. I think the latest Linux kernel that is considered stable is 5.8. It seems to be taking some time to get the 5.9 kernel into any Debian repo. Although 5 days isn't really that long, 5.9 was only announced on the 12th. Actually, I just saw that 5.9.1 was released today, so 5.9 is considered stable now. Maybe we'll see it in Sid within a week or so.

Re: Well, this kernel Bluetooth exploit is depressing

Postby sgosnell » 2020-10-18 03:50

Just did an update of Sid and kernel 5.9.1 was installed. The firmware didn't update, though, so I'm not going to reboot for a while. I'm not positive that it will be updated, but I'm not in that much of a hurry to try the shiny new kernel. Tomorrow is soon enough. :D

Re: Well, this kernel Bluetooth exploit is depressing

Postby anticapitalista » 2020-10-18 08:15

stevepusser wrote:
Does this page mean that Ubuntu "fixed it" just by disabling Bluetooth in the kernel config? Yikes!

https://people.canonical.com/~ubuntu-se ... 12351.html


Not according to kernel.org


https://git.kernel.org/pub/scm/linux/ke ... 3720bd4d22
antiX with runit - lean and mean.
https://antixlinux.com
anticapitalista
 
Posts: 387
Joined: 2007-12-14 23:16
