#VU75105 Buffer overflow in BlueZ - CVE-2023-27349


Vulnerability identifier: #VU75105

Vulnerability risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-27349

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
BlueZ
Universal components / Libraries / Libraries used by multiple products

Vendor: BlueZ Project

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the handling of the AVRCP protocol. A remote attacker with physical proximity to device can send specially crafted Bluetooth packets to the affected system, trigger memory corruption and execute arbitrary code on the system.


Mitigation
Install updates from vendor's website.

Vulnerable software versions

BlueZ: 5.0 - 5.66

External links
https://www.zerodayinitiative.com/advisories/ZDI-23-386/
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f54299a850676d92c3dafd83e9174fcfe420ccc9

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat Enterprise Linux 8 update for bluez
Dell SmartFabric Storage Software update for third-party components
Multiple vulnerabilities in IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component
Multiple vulnerabilities in OpenShift API for Data Protection (OADP) 1.4
Multiple vulnerabilities in Dell OpenManage Network Integration (OMNI)
Multiple vulnerabilities in Red Hat OpenShift Dev Spaces 3.17
Multiple vulnerabilities in OpenShift API for Data Protection (OADP) 1.3
Red Hat Enterprise Linux 9 update for bluez
Ubuntu update for bluez
SUSE update for bluez