Google warns of severe 'BleedingTooth' Bluetooth flaw in Linux kernel | ZDNet
www.zdnet.com[+]

Intel recommends updating to Linux kernel 5.9 to mitigate a serious flaw Google found in the Linux Bluetooth stack.

Actually Intel is wrong when saying ‘‘upgrading to v5.9 will fix this’’ because none of the mainline kernels have the patches. More here https://lwn.net/Articles/834297/#Comments

Actually Intel is wrong when saying ‘‘upgrading to v5.9 will fix this’’ because none of the mainline kernels have the patches. More here https://lwn.net/Articles/834297/#Comments

It seems to have been fixed, Intel now recommends version 5.10

Also shouldn’t theses fixes be backported to older versions of the kernel?

blue_penquin
creator
25d

5.10 isn’t even mainline yet. 5.8.15 just got released two days ago, Arch hasn’t pushed it to their channel and 5.9 came out last Sunday.

Yeah I was wondering about that. Which releases contain the patches?

blue_penquin
creator
23d

The fixes for BleedingTooth Bluetooth vulnerability in kernels <5.9 are in; in both stable https://lkml.org/lkml/2020/10/17/156 and mainline https://lkml.org/lkml/2020/10/17/157

blue_penquin
creator
34d

Sorry for being late. The distros are currently backporting the fixes. You can read about Fedora in the lwn thread. Here’s Ubuntu https://launchpad.net/ubuntu/+source/linux/5.8.0-25.26 Arch jumped a version I think but they are assigned now against the kernel package https://security.archlinux.org/AVG-1248

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.