CVE-2019-8921

Name of the Vulnerable Software and Affected Versions BlueZ versions through 5.48

Description The issue is related to the implementation of the SDP service in the Bluetooth protocol stack for Linux BlueZ, which is associated with insufficient authentication of data. This can allow a remote attacker to disclose protected information. The vulnerability lies in the handling of a SVC ATTR REQ by the SDP implementation, where crafting a malicious CSTATE can trick the server into returning more bytes than the buffer holds, resulting in the leaking of arbitrary heap data. The root cause is found in the service attr req function of sdpd-request.c, where the server does not check if the CSTATE data is the same in consecutive requests and instead trusts that it is the same.

Recommendations For BlueZ versions through 5.48, consider disabling the service attr req function in sdpd-request.c as a temporary workaround until a patch is available. Restrict access to the SDP implementation to minimize the risk of exploitation. Avoid using the CSTATE data in consecutive requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.