Bug 1218337 (CVE-2023-51580)

Summary: VUL-0: CVE-2023-51580: bluez: BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Joey Lee <jlee>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: gabriele.sonnu
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/389141/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-51580:5.4:(AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2023-12-22 08:41:11 UTC 
VULNERABILITY DETAILS

This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.

The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.

ADDITIONAL DETAILS

-- Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application.

References:
https://www.zerodayinitiative.com/advisories/ZDI-23-1903/
Comment 1 Gabriele Sonnu 2023-12-22 10:32:33 UTC 
No upstream fix for now.