Bug 1203120 (CVE-2022-39177)

Summary: VUL-0: CVE-2022-39177: bluez: incorrect capability parsing in AVCTP allows physically proximate attackers to cause a denial of service
Product: [Novell Products] SUSE Security Incidents
Reporter: Carlos López <carlos.lopez>
Component: Incidents
Assignee: Joey Lee <jlee>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: jlee, security-team, stoyan.manolov, thomas.leroy
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/341391/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-39177:5.7:(AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Carlos López 2022-09-05 12:24:52 UTC
CVE-2022-39177

BlueZ before 5.59 allows physically proximate attackers to cause a denial of
service because malformed and invalid capabilities can be processed in
profiles/audio/avdtp.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39177
https://www.cve.org/CVERecord?id=CVE-2022-39177
http://www.cvedetails.com/cve/CVE-2022-39177/
https://ubuntu.com/security/notices/USN-5481-1
https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
Comment 1 Carlos López 2022-09-05 12:27:18 UTC
Affected:
 - SUSE:SLE-11-SP3:Update
 - SUSE:SLE-12-SP2:Update
 - SUSE:SLE-15:Update
 - SUSE:SLE-15-SP2:Update
 - SUSE:SLE-15-SP3:Update

SUSE:SLE-15-SP4:Update is already fixed.

Fixed in:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7a80d2096f1b7125085e21448112aa02f49f5e9a
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=0388794dc5fdb73a4ea88bcf148de0a12b4364d4
Comment 2 Thomas Leroy 2022-09-26 15:18:23 UTC
Did you have the time to work on this Joey? :)
Comment 6 Joey Lee 2023-01-17 08:43:39 UTC
(In reply to Carlos López from comment #1)
> Affected:
>  - SUSE:SLE-11-SP3:Update
>  - SUSE:SLE-12-SP2:Update
>  - SUSE:SLE-15:Update
>  - SUSE:SLE-15-SP2:Update
>  - SUSE:SLE-15-SP3:Update
> 
> SUSE:SLE-15-SP4:Update is already fixed.
> 
> Fixed in:
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7a80d2096f1b7125085e21448112aa02f49f5e9a
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=0388794dc5fdb73a4ea88bcf148de0a12b4364d4

Sent submitreq on IBS for the following SLE:

SUSE:SLE-15-SP3:Update/bluez :

https://build.suse.de/request/show/288338


SUSE:SLE-15-SP2:Update/bluez :

https://build.suse.de/request/show/288339


SUSE:SLE-15:Update/bluez : 

https://build.suse.de/request/show/288341
Comment 8 Joey Lee 2023-01-18 04:24:41 UTC
(In reply to Joey Lee from comment #6)
> (In reply to Carlos López from comment #1)
> > Affected:
> >  - SUSE:SLE-11-SP3:Update
> >  - SUSE:SLE-12-SP2:Update
> >  - SUSE:SLE-15:Update
> >  - SUSE:SLE-15-SP2:Update
> >  - SUSE:SLE-15-SP3:Update
> > 
> > SUSE:SLE-15-SP4:Update is already fixed.
> > 
> > Fixed in:
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7a80d2096f1b7125085e21448112aa02f49f5e9a
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=0388794dc5fdb73a4ea88bcf148de0a12b4364d4
> 
> Sent submitreq on IBS for the following SLE:
> 
> SUSE:SLE-15-SP3:Update/bluez :
> 
> https://build.suse.de/request/show/288338
> 
> 
> SUSE:SLE-15-SP2:Update/bluez :
> 
> https://build.suse.de/request/show/288339
> 
> 
> SUSE:SLE-15:Update/bluez : 
> 
> https://build.suse.de/request/show/288341


SUSE:SLE-12-SP2:Update/bluez : 

https://build.suse.de/request/show/288397


SUSE:SLE-11-SP3:Update/bluez : 

https://build.suse.de/request/show/288426
Comment 11 Swamp Workflow Management 2023-01-26 20:29:55 UTC
SUSE-SU-2023:0166-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1203120,1203121
CVE References: CVE-2022-39176,CVE-2022-39177
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    bluez-5.13-5.36.1
SUSE OpenStack Cloud 9 (src):    bluez-5.13-5.36.1
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    bluez-5.13-5.36.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    bluez-5.13-5.36.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    bluez-5.13-5.36.1
SUSE Linux Enterprise Server 12-SP5 (src):    bluez-5.13-5.36.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    bluez-5.13-5.36.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    bluez-5.13-5.36.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2023-01-26 20:37:14 UTC
SUSE-SU-2023:0168-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1203120,1203121
CVE References: CVE-2022-39176,CVE-2022-39177
JIRA References: 
Sources used:
SUSE Manager Server 4.2 (src):    bluez-5.55-150300.3.19.1
SUSE Manager Retail Branch Server 4.2 (src):    bluez-5.55-150300.3.19.1
SUSE Manager Proxy 4.2 (src):    bluez-5.55-150300.3.19.1
SUSE Linux Enterprise Server for SAP 15-SP3 (src):    bluez-5.55-150300.3.19.1
SUSE Linux Enterprise Server 15-SP3-LTSS (src):    bluez-5.55-150300.3.19.1
SUSE Linux Enterprise Realtime Extension 15-SP3 (src):    bluez-5.55-150300.3.19.1
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (src):    bluez-5.55-150300.3.19.1
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (src):    bluez-5.55-150300.3.19.1
SUSE Enterprise Storage 7.1 (src):    bluez-5.55-150300.3.19.1

Comment 13 Swamp Workflow Management 2023-01-26 20:42:38 UTC
SUSE-SU-2023:0155-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1203120,1203121
CVE References: CVE-2022-39176,CVE-2022-39177
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    bluez-5.48-150000.5.46.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    bluez-5.48-150000.5.46.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    bluez-5.48-150000.5.46.1
SUSE Enterprise Storage 6 (src):    bluez-5.48-150000.5.46.1
SUSE CaaS Platform 4.0 (src):    bluez-5.48-150000.5.46.1

Comment 14 Swamp Workflow Management 2023-01-26 20:46:33 UTC
SUSE-SU-2023:0156-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1203120,1203121
CVE References: CVE-2022-39176,CVE-2022-39177
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    bluez-5.48-150200.13.22.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    bluez-5.48-150200.13.22.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    bluez-5.48-150200.13.22.1
SUSE Enterprise Storage 7 (src):    bluez-5.48-150200.13.22.1
