CVE-2020-27153 – bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS or RCE
https://notcve.org/view.php?id=CVE-2020-27153
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. En BlueZ versiones anteriores a 5.55, se encontró una doble liberación en la rutina disconnect_cb() de gatttool del archivo shared/att.c. Un atacante remoto podría potencialmente causar una denegación de servicio o una ejecución de código, durante la detección del servicio, debido a un evento MGMT de desconexión redundante • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html https://bugzilla.redhat.com/show_bug.cgi?id=1884817 https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07 https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html https://security.gentoo.org/glsa/202011-01 https://www.debian.org/security/2021/dsa-4951& • CWE-415: Double Free CWE-416: Use After Free •
CVE-2020-0556 – bluez: Improper access control in subsystem could result in privilege escalation and DoS
https://notcve.org/view.php?id=CVE-2020-0556
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access El control de acceso incorrecto en el subsistema para BlueZ anterior a la versión 5.54 puede permitir que un usuario no autenticado permita potencialmente la escalada de privilegios y la denegación de servicio a través del acceso adyacente • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html https://security.gentoo.org/glsa/202003-49 https://usn.ubuntu.com/4311-1 https://www.debian.org/security/2020/dsa-4647 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html https://access.redhat.com/security/cve/CVE-2020-0556 https • CWE-266: Incorrect Privilege Assignment •
CVE-2018-10910 – bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices
https://notcve.org/view.php?id=CVE-2018-10910
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable. Un fallo en Bluez podría permitir al estado "Bluetooth Disponible" establecerse en "activo" cuando no hay ningún agente Bluetooth registrado con el sistema. Esto podría provocar el emparejamiento no autorizado de determinados dispositivos Bluetooth sin ningún tipo de autenticación. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910 https://usn.ubuntu.com/3856-1 https://access.redhat.com/security/cve/CVE-2018-10910 https://bugzilla.redhat.com/show_bug.cgi?id=1606203 • CWE-863: Incorrect Authorization •
CVE-2017-1000250 – bluez: Out-of-bounds heap read in service_search_attr_req function
https://notcve.org/view.php?id=CVE-2017-1000250
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. Todas las versiones del servidor SDP en BlueZ 5.46 y anteriores son vulnerables a sufrir una divulgación de información que permite que los atacantes remotos obtengan información sensible de la memoria del proceso bluetoothd. Esta vulnerabilidad se basa en el procesamiento de peticiones del atributo de búsqueda SDP. An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). • https://github.com/olav-st/CVE-2017-1000250-PoC http://nvidia.custhelp.com/app/answers/detail/a_id/4561 http://www.debian.org/security/2017/dsa-3972 http://www.securityfocus.com/bid/100814 https://access.redhat.com/errata/RHSA-2017:2685 https://access.redhat.com/security/cve/CVE-2017-1000250 https://access.redhat.com/security/vulnerabilities/blueborne https://www.armis.com/blueborne https://www.kb.cert.org/vuls/id/240311 https://www.synology.com/support/security/Sy • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-9917
https://notcve.org/view.php?id=CVE-2016-9917
In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. En BlueZ 5.42, un desbordamiento de búfer fue observado en la función "read_n" en el archivo fuente "tools/hcidump.c". Este problema puede ser desencadenado procesando un archivo de volcado corrupto y resultará en una caída hcidump. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html http://www.securityfocus.com/bid/95013 https://www.spinics.net/lists/linux-bluetooth/msg68892.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •