#VU48203 Double Free in BlueZ - CVE-2020-27153

Cybersecurity Help s.r.o.

Published: 2020-10-15 | Updated: 2022-09-29

Vulnerability identifier: #VU48203

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-27153

CWE-ID: CWE-415

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
BlueZ
Universal components / Libraries / Libraries used by multiple products

Vendor: BlueZ Project

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker can cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.

Mitigation
Install update from vendor's website.

Vulnerable software versions

BlueZ: 5.0 - 5.54

External links
https://bugzilla.redhat.com/show_bug.cgi?id=1884817
https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07
https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html
https://security.gentoo.org/glsa/202011-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler update for bluez

Debian update for bluez

Ubuntu update for bluez

Red Hat Enterprise Linux 8 update for bluez

Double Free in bluez (Alpine package)

OpenSUSE Linux update for bluez

Gentoo update for BlueZ

OpenSUSE Linux update for bluez

Denial of service in BlueZ