CVE-2023-51589

CVSS v3.1

5.7

Medium

Vector

AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions BlueZ (affected versions not specified)

Description This issue allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this issue, as the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2024:9413

ALSA-2025:4043

AZL-40244

AZL-40258

BDU:2025-16168

CESA-2025_4043

CVE-2023-51589

INFSA-2024_9413

INFSA-2025_4043

MGASA-2025-0115

RHSA-2024:9413

RHSA-2024_9413

RHSA-2025:4043

RHSA-2025_4043

RLSA-2024:9413

ZDI-23-1904

Affected Products

Almalinux

Bluez

Centos

Debian

Red Hat

Red Os

Rocky Linux

CVE-2023-51589

Weakness Enumeration

Related Identifiers

Affected Products

References · 65