CVE-2020-0556

Name: CVE-2020-0556
Description: Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-4647-1
NVD severity: medium
Debian Bugs: 953770

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release | Version | Status
bluez (PTS) | jessie, jessie (security) | 5.23-2+deb8u1 | vulnerable
 | stretch | 5.43-2+deb9u1 | vulnerable
 | stretch (security) | 5.43-2+deb9u2 | fixed
 | buster, buster (security) | 5.50-1.2~deb10u1 | fixed
 | bullseye, sid | 5.50-1.2 | fixed

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
bluez | source | (unstable) | 5.50-1.1 | | | 953770
bluez | source | buster | 5.50-1.2~deb10u1 | | DSA-4647-1 |
bluez | source | stretch | 5.43-2+deb9u2 | | DSA-4647-1 |

Notes

https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/
Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
The second commit introduces a new configuration option, "ClassicBondedOnly", which defaults
to false and makes it possible to ensure that input connections only come from bonded
device connections.
Follow-up commits to avoid a (functional) regression:
Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=35d8d895cd0b724e58129374beb0bb4a2edf9519
Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f2778f5877d20696d68a452b26e4accb91bfb19e
