USN-5275-1: BlueZ vulnerability
8 February 2022
BlueZ could be made to crash or run programs if it received specially crafted network traffic.
Releases
Packages
- bluez - Bluetooth tools and daemons
Details
Ziming Zhang discovered that BlueZ incorrectly handled memory write operations
in its GATT server. A remote attacker could possibly use this to cause BlueZ to
crash, leading to a denial of service, or potentially remotely execute code.
(CVE-2022-0204)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04
- bluez - 5.37-0ubuntu5.3+esm2 (Available with Ubuntu Pro)
- libbluetooth3 - 5.37-0ubuntu5.3+esm2 (Available with Ubuntu Pro)
In general, a standard system update will make all the necessary changes.
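To confirm the update took effect on an Ubuntu 16.04 host, the following added example (not part of the original notice) compares installed versions against the fixed versions listed above using Debian version ordering. It assumes its input is the output of `dpkg-query -W -f='${Package} ${Version}\n' bluez libbluetooth3`; the function names and the sample input are constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions this notice lists for Ubuntu 16.04 (Ubuntu Pro).
FIXED = {"bluez": "5.37-0ubuntu5.3+esm2",
         "libbluetooth3": "5.37-0ubuntu5.3+esm2"}

def _order(c):
    # Debian ordering inside a non-digit run: '~' first, letters, then the rest.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _chunks(part):
    # Split into (non-digit run, number) pairs; the trailing 0 marks end of run.
    return [([_order(c) for c in nd] + [0], int(d or 0))
            for nd, d in re.findall(r"(\D*)(\d*)", part)]

def _cmp_part(a, b):
    for x, y in zip_longest(_chunks(a), _chunks(b), fillvalue=([0], 0)):
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; a missing epoch counts as 0.
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, dash, revision = rest.rpartition("-")
    if not dash:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def deb_compare(a, b):
    """Return -1, 0 or 1 following Debian version ordering."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(dpkg_output):
    """Packages in the dpkg-query output that are older than FIXED."""
    rows = (l.split() for l in dpkg_output.splitlines())
    installed = dict(r for r in rows if len(r) == 2)  # skip not-installed rows
    return sorted(p for p, v in installed.items()
                  if p in FIXED and deb_compare(v, FIXED[p]) < 0)

# Constructed sample output, not taken from a real host.
SAMPLE = "bluez 5.37-0ubuntu5.3\nlibbluetooth3 5.37-0ubuntu5.3+esm2\n"
print(unpatched(SAMPLE))
```

An empty list means every listed package is at or above the fixed version. A plain string comparison would misorder suffixes such as `+esm10` and `+esm2`, which is why the numeric runs are compared as integers.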