CVE-2020-0556
Published: 12 March 2020
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
Notes
| Author | Note |
|---|---|
| alexmurray | Affects versions before 5.53 according to the Intel advisory |
| mdeslaur | while the Intel advisory says "below 5.53", the commits that actually fix the issue appear to have been added after 5.53 was released. Marking focal as needed until further information is available. Intel advisory was updates on 2020-03-16 to change fixed version to 5.54. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
bluez Launchpad, Ubuntu, Debian |
bionic |
Released
(5.48-0ubuntu3.4)
|
| eoan |
Released
(5.50-0ubuntu5.1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.54)
|
|
| xenial |
Released
(5.37-0ubuntu5.3)
|
|
|
Patches: upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1 upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787 upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=35d8d895cd0b724e58129374beb0bb4a2edf9519 upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f2778f5877d20696d68a452b26e4accb91bfb19e |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.1 |
| Attack vector | Adjacent |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Changed |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L |