Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bluez | Bluez | * | 5.54 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | bluez-0:5.44-7.el7 | * |
| Red Hat Enterprise Linux 8 | RedHat | bluez-0:5.50-4.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | bluez-0:5.50-4.el8 | * |
| Bluez | Ubuntu | bionic | * |
| Bluez | Ubuntu | devel | * |
| Bluez | Ubuntu | eoan | * |
| Bluez | Ubuntu | esm-infra/bionic | * |
| Bluez | Ubuntu | esm-infra/xenial | * |
| Bluez | Ubuntu | trusty | * |
| Bluez | Ubuntu | upstream | * |
| Bluez | Ubuntu | xenial | * |
References
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html
- https://security.gentoo.org/glsa/202003-49
- https://usn.ubuntu.com/4311-1/
- https://www.debian.org/security/2020/dsa-4647
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html
- https://security.gentoo.org/glsa/202003-49
- https://usn.ubuntu.com/4311-1/
- https://www.debian.org/security/2020/dsa-4647
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html