PT-2020-1889 · Tags: Linux, Bluez
Published 2020-03-10 · Updated 2025-07-15 · CVE-2020-0556
CVSS v3.1: 7.1 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
BlueZ versions prior to 5.54
Description
The issue stems from improper access control in the BlueZ subsystem, which may allow an unauthenticated user to escalate privileges and cause a denial of service via adjacent access. This vulnerability can be exploited by a remote attacker to gain access to confidential data, compromise its integrity, and cause a denial of service. It is associated with a lack of privilege management mechanisms in the BlueZ package, which is used in Linux and Chrome OS distributions. A malicious Bluetooth device can exploit this vulnerability to impersonate another HID device, such as a keyboard, mouse, or game controller, or to covertly inject data into the input subsystem.
Recommendations
For BlueZ versions prior to 5.54, update to version 5.54 or later to resolve the issue. As a temporary workaround, consider restricting access to the Bluetooth subsystem to minimize the risk of exploitation. Avoid using the Bluetooth HID Hosts feature until the issue is resolved.
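A quick way to tell whether an installed BlueZ falls in the affected range (anything before 5.54), added here as an example and not part of the advisory. It assumes `bluetoothd -v` prints the bare version string (e.g. `5.53`) and falls back to a constructed sample value when the daemon is not installed.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether a BlueZ version is
# older than 5.54, the release that ships the fix for CVE-2020-0556.
# BlueZ versions are MAJOR.MINOR with an integer minor, so "5.6" is older
# than "5.54"; a plain string comparison gets that wrong, hence the numeric
# field-by-field comparison below.
FIXED_VERSION="5.54"

# bluez_affected VERSION
#   prints "affected" (exit 0), "fixed" (exit 1) or "unparseable" (exit 2).
#   Distro suffixes such as "5.53-1ubuntu1" are tolerated by trimming the
#   minor field at its first non-digit.
bluez_affected() {
    ver=$1
    case "$ver" in *.*) ;; *) echo "unparseable"; return 2 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%[!0-9]*}
    for field in "$major" "$minor"; do
        case "$field" in ''|*[!0-9]*) echo "unparseable"; return 2 ;; esac
    done
    fixed_major=${FIXED_VERSION%%.*}
    fixed_minor=${FIXED_VERSION#*.}
    if [ "$major" -lt "$fixed_major" ] ||
       { [ "$major" -eq "$fixed_major" ] && [ "$minor" -lt "$fixed_minor" ]; }; then
        echo "affected"; return 0
    fi
    echo "fixed"; return 1
}

# Stand-alone use: query the installed daemon when present (bluetoothd -v
# prints the bare version), otherwise fall back to a constructed sample.
if command -v bluetoothd >/dev/null 2>&1; then
    installed=$(bluetoothd -v 2>/dev/null)
else
    installed="5.53"   # constructed sample value, not read from a system
fi
printf 'BlueZ %s: %s (fixed in %s)\n' "$installed" \
    "$(bluez_affected "$installed")" "$FIXED_VERSION"
```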
Weakness Enumeration
Improper Privilege Management
Affected Products
Alt Linux
BlueZ
CentOS
Red Hat
SUSE
Ubuntu