CVE-2020-0556

NameCVE-2020-0556
DescriptionImproper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2240-1, DSA-4647-1
Debian Bugs953770

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bluez (PTS)buster5.50-1.2~deb10u2fixed
buster (security)5.50-1.2~deb10u4fixed
bullseye (security), bullseye5.55-3.1+deb11u1fixed
bookworm, bookworm (security)5.66-1+deb12u1fixed
trixie5.71-1fixed
sid5.73-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bluezsourcejessie5.43-2+deb9u2~deb8u1DLA-2240-1
bluezsourcestretch5.43-2+deb9u2DSA-4647-1
bluezsourcebuster5.50-1.2~deb10u1DSA-4647-1
bluezsource(unstable)5.50-1.1953770

Notes

https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/
Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
Second commit introduces new configuration option "ClassicBondedOnly" which defaults
to false, and allows to make sure that input connections only come from bonded
device connections.
Followup commits to avoid (functional) regression:
Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=35d8d895cd0b724e58129374beb0bb4a2edf9519
Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f2778f5877d20696d68a452b26e4accb91bfb19e
Search for package or bug name: Reporting problems