PT-2020-6175 · Bluez+9 · Bluez+9

Jay Lv

Published

2020-07-17

Updated

2022-04-05

CVE-2020-27153

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions BlueZ versions prior to 5.55

Description The issue is related to a double free error in the gatttool disconnect cb() routine from shared/att.c, caused by a redundant disconnect MGMT event. This could allow a remote attacker to potentially cause a denial of service or code execution during service discovery, leading to unauthorized access to confidential data, disruption of data integrity, and service disruption.

Recommendations For versions prior to 5.55, update to version 5.55 or later to resolve the issue. As a temporary workaround, consider restricting service discovery to minimize the risk of exploitation.

Fix

DoS

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

ALSA-2021:1598

ALT-PU-2020-3309

ALT-PU-2020-3310

ALT-PU-2020-3349

BDU:2021-03430

CESA-2021_1598

CVE-2020-27153

DLA-2410-1

DSA-4951-1

MGASA-2020-0419

OESA-2021-1307

OPENSUSE-SU-2020:1876-1

OPENSUSE-SU-2020:1880-1

OPENSUSE-SU-2020_1876-1

OPENSUSE-SU-2020_1880-1

RHSA-2021:1598

RHSA-2021_1598

RLSA-2021:1598

SUSE-SU-2020:3034-1

SUSE-SU-2020:3165-1

SUSE-SU-2020_3165-1

USN-4989-1

USN-4989-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Bluez

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2020-6175 · Bluez+9 · Bluez+9

CVE-2020-27153

Weakness Enumeration

Related Identifiers

Affected Products

References · 63