Bug 1218341 (CVE-2023-51589)

Summary: VUL-0: CVE-2023-51589: bluez: BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Joey Lee <jlee>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: gabriele.sonnu
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/389140/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-51589:5.4:(AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2023-12-22 08:49:34 UTC 
VULNERABILITY DETAILS 	

This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.

The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.

ADDITIONAL DETAILS 	

-- Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application.

References:
https://www.zerodayinitiative.com/advisories/ZDI-23-1904/
Comment 1 Gabriele Sonnu 2023-12-22 10:33:17 UTC 
No upstream fix for now.