BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution

As pre-announced via twitter the google security research team found a zero-click RCE in the bluetooth stack of the Linux Kernel (

Presumably, SFOS is also affected?


It would be interesting to see if the exploit actually works on SFOS. Maybe the wonky BT support makes the vulnerability not work?

Also, I understand the J1 and older devices are on BlueZ 4.x not 5.x, is BlueZ 4.x also exploitable?

1 Like

Since the Blogpost with details has not yet been published - at least at the time of this writing :wink: - I have no means of knowing.

I just figured I raise this topic here so it get’s the attention potentially required…

Intel says:

Affected Products:
All Linux kernel versions that support BlueZ.

They just provided patches for upcoming 5.10. So the fixes have to be backported to older kernels by distributions.


The “Bleeding Tooth” aka CVE-2020-12351, CVE-2020-12352, and CVE-2020-24490 vulnerability is now fixed on kernel side. The fixes are in versions 5.9.1, 5.8.16, 5.4.72, 4.19.152, 4.14.202, 4.9.240, 4.4.240.

Latest Sailfish 3.4.x runs kernel 4.9.221 and by definition it is vulnerable. Of course the question is, if actual implementation in Sailfish is also exploitable.

Nevertheless… the issue is serious and I guess, that quite on lot of Sailfish-users expect official feedback on this from Jolla.

Until then the only possible defence is avoiding or cutting back on Bluetooth usage when you are not alone or surrounded by people you trust.


Every device runs a different version of the kernel.

my Xperia X with SailfishOS 3.10.84

True, I forgot all the variations. 4.9.221 applies to Sony Xperia 10 in this case.

1 Like

Unfortunately the kernel version also depends on the device.
My Xperia X runs a 3.10.84 (aka undead frankenstein) kernel and Jolla said that there won’t be any kernel updates for these older devices (because of understandable reasons detailed somewhere in the old forum. Sorry, couldn’t find the link right now).

So probably these kernel patches will never make it to all Sailfish devices currently in use. So, just don’t use Bluetooth…

edit: too late :smiley:

XA2 (dual SIM) has 4.4.189

I had a look at Jolla 1, if updated to it runs 3.4.108 kernel and seems that’s not affected.

Looks like that errors have been introduced in different times:

  • CVE-2020-12351 affects kernel 4.8 and higher
  • CVE-2020-12352 affects kernel 3.6 and higher
  • CVE-2020-24490 affects kernel 4.19 and higher

CVE-2020-12351 has a high severity rating and others have medium risk.

Updated to Sailfish kernels seem to be:

  • Jolla 1 - 3.4.108
  • Xperia X - 3.10.84
  • Xperia 10 - 4.9.221
  • Xperia XA2 - 4.4.189
  • but there are more devices in use

Of those Xperia 10 has the highest risk exposed, for others it is medium risk if any.