CVE Vulnerabilities

CVE-2016-9798

Use After Free

Published: Dec 03, 2016 | Modified: Apr 12, 2025
CVSS 3.x: 5.3 MEDIUM (Source: NVD)
    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS 2.x: 5 MEDIUM
    AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2: 1.2 LOW
    AV:L/AC:H/Au:N/C:N/I:N/A:P
RedHat/V3: 2.5 LOW
    CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Ubuntu: NEGLIGIBLE

In BlueZ 5.42, a use-after-free was identified in the conf_opt function in the tools/parser/l2cap.c source file. This issue can be triggered by processing a corrupted dump file and will result in an hcidump crash.

Weakness

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.

Affected Software

Name    Vendor    Start Version                End Version
Bluez   Bluez     5.42 (including)             5.42 (including)
Bluez   Ubuntu    artful                       *
Bluez   Ubuntu    bionic                       *
Bluez   Ubuntu    cosmic                       *
Bluez   Ubuntu    disco                        *
Bluez   Ubuntu    eoan                         *
Bluez   Ubuntu    focal                        *
Bluez   Ubuntu    groovy                       *
Bluez   Ubuntu    hirsute                      *
Bluez   Ubuntu    impish                       *
Bluez   Ubuntu    kinetic                      *
Bluez   Ubuntu    lunar                        *
Bluez   Ubuntu    mantic                       *
Bluez   Ubuntu    oracular                     *
Bluez   Ubuntu    precise                      *
Bluez   Ubuntu    trusty                       *
Bluez   Ubuntu    vivid/stable-phone-overlay   *
Bluez   Ubuntu    xenial                       *
Bluez   Ubuntu    yakkety                      *
Bluez   Ubuntu    zesty                        *
