Your submission was sent successfully! Close

CVE-2020-0556

Published: 12 March 2020

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access

Priority

Medium

CVSS 3 base score: 7.1

Status

Package Release Status
bluez
Launchpad, Ubuntu, Debian
bionic
Released (5.48-0ubuntu3.4)
eoan
Released (5.50-0ubuntu5.1)
precise Does not exist

trusty Does not exist

upstream
Released (5.54)
xenial
Released (5.37-0ubuntu5.3)

Notes

AuthorNote
amurray
Affects versions before 5.53 according to the Intel advisory
mdeslaur
while the Intel advisory says "below 5.53", the commits that
actually fix the issue appear to have been added after 5.53 was
released. Marking focal as needed until further information is
available.
Intel advisory was updates on 2020-03-16 to change fixed version
to 5.54.

References

Bugs