CVE-2023-27349
Published: 3 May 2024
BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19908.
Priority
Status
Package | Release | Status |
---|---|---|
bluez Launchpad, Ubuntu, Debian |
bionic |
Released
(5.48-0ubuntu3.9+esm2)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
focal |
Released
(5.53-0ubuntu3.8)
|
|
jammy |
Released
(5.64-0ubuntu1.3)
|
|
mantic |
Not vulnerable
(5.68-0ubuntu1.1)
|
|
noble |
Not vulnerable
(5.72-0ubuntu5)
|
|
upstream |
Released
(5.68-1)
|
|
xenial |
Released
(5.37-0ubuntu5.3+esm4)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
Patches: upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f54299a850676d92c3dafd83e9174fcfe420ccc9 |