Ubuntu update for bluez
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2022-3563 CVE-2023-27349 |
| CWE-ID | CWE-476 CWE-119 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system libbluetooth3 (Ubuntu package) Operating systems & Components / Operating system package or component bluez-tests (Ubuntu package) Operating systems & Components / Operating system package or component bluez (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU71644
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3563
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the read_50_controller_cap_complete() function in tools/mgmt-tester.c of the component BlueZ. An attacker with physical proximity to device can send specially crafted data to the application and perform a denial of service (DoS) attack.
Update the affected package bluez to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 22.04
libbluetooth3 (Ubuntu package): before Ubuntu Pro
bluez-tests (Ubuntu package): before 5.64-0ubuntu1.3
bluez (Ubuntu package): before Ubuntu Pro
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:libbluetooth3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:bluez-tests_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:bluez_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6809-1
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU75105
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-27349
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the handling of the AVRCP protocol. A remote attacker with physical proximity to device can send specially crafted Bluetooth packets to the affected system, trigger memory corruption and execute arbitrary code on the system.
Mitigation
Update the affected package bluez to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 22.04
libbluetooth3 (Ubuntu package): before Ubuntu Pro
bluez-tests (Ubuntu package): before 5.64-0ubuntu1.3
bluez (Ubuntu package): before Ubuntu Pro
CPE2.3- cpe:2.3:o:canonical:libbluetooth3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:bluez-tests_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:bluez_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6809-1
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
