Bug 1203121 (CVE-2022-39176) - VUL-0: CVE-2022-39176: bluez: improper parameter length verification in AVRCP could allow physically proximate attackers to obtain sensitive information
Summary: VUL-0: CVE-2022-39176: bluez: improper parameter length verification in AVRCP...
Status: RESOLVED FIXED
Alias: CVE-2022-39176
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Joey Lee
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/341392/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-39176:7.3:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-09-05 12:38 UTC by Carlos López
Modified: 2023-02-07 06:55 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2022-09-05 12:38:17 UTC
CVE-2022-39176

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive
information because profiles/audio/avrcp.c does not validate params_len.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39176
https://www.cve.org/CVERecord?id=CVE-2022-39176
http://www.cvedetails.com/cve/CVE-2022-39176/
https://ubuntu.com/security/notices/USN-5481-1
https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
Comment 1 Carlos López 2022-09-05 12:39:41 UTC
Affected:
 - SUSE:SLE-11-SP3:Update
 - SUSE:SLE-12-SP2:Update
 - SUSE:SLE-15:Update
 - SUSE:SLE-15-SP2:Update
 - SUSE:SLE-15-SP3:Update

Already fixed in SUSE:SLE-15-SP4:Update.

Fixed in:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e21680c9355a0f9d5ef6d4a5ae032de274e87b37
Comment 5 Joey Lee 2023-01-18 06:35:13 UTC
(In reply to Carlos López from comment #1)
> Affected:
>  - SUSE:SLE-11-SP3:Update
>  - SUSE:SLE-12-SP2:Update
>  - SUSE:SLE-15:Update
>  - SUSE:SLE-15-SP2:Update
>  - SUSE:SLE-15-SP3:Update
> 
> Already fixed in SUSE:SLE-15-SP4:Update.
> 
> Fixed in:
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/
> ?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/
> ?id=e21680c9355a0f9d5ef6d4a5ae032de274e87b37

Sent the following subumitreq to SLE:

SUSE:SLE-15-SP3:Update/bluez :
https://build.suse.de/request/show/288434

SUSE:SLE-15-SP2:Update/bluez :
https://build.suse.de/request/show/288435

SUSE:SLE-15:Update/bluez :
https://build.suse.de/request/show/288436

SUSE:SLE-12-SP2:Update/bluez :
https://build.suse.de/request/show/288439
Comment 6 Joey Lee 2023-01-18 14:45:11 UTC
(In reply to Joey Lee from comment #5)
> (In reply to Carlos López from comment #1)
> > Affected:
> >  - SUSE:SLE-11-SP3:Update
> >  - SUSE:SLE-12-SP2:Update
> >  - SUSE:SLE-15:Update
> >  - SUSE:SLE-15-SP2:Update
> >  - SUSE:SLE-15-SP3:Update
> > 
> > Already fixed in SUSE:SLE-15-SP4:Update.
> > 
> > Fixed in:
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/
> > ?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/
> > ?id=e21680c9355a0f9d5ef6d4a5ae032de274e87b37
> 
> Sent the following subumitreq to SLE:
> 
> SUSE:SLE-15-SP3:Update/bluez :
> https://build.suse.de/request/show/288434
> 
> SUSE:SLE-15-SP2:Update/bluez :
> https://build.suse.de/request/show/288435
> 
> SUSE:SLE-15:Update/bluez :
> https://build.suse.de/request/show/288436
> 
> SUSE:SLE-12-SP2:Update/bluez :
> https://build.suse.de/request/show/288439

SUSE:SLE-11-SP3:Update/bluez :

https://build.suse.de/request/show/288477
Comment 7 Swamp Workflow Management 2023-01-26 20:29:59 UTC
SUSE-SU-2023:0166-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1203120,1203121
CVE References: CVE-2022-39176,CVE-2022-39177
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    bluez-5.13-5.36.1
SUSE OpenStack Cloud 9 (src):    bluez-5.13-5.36.1
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    bluez-5.13-5.36.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    bluez-5.13-5.36.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    bluez-5.13-5.36.1
SUSE Linux Enterprise Server 12-SP5 (src):    bluez-5.13-5.36.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    bluez-5.13-5.36.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    bluez-5.13-5.36.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2023-01-26 20:37:19 UTC
SUSE-SU-2023:0168-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1203120,1203121
CVE References: CVE-2022-39176,CVE-2022-39177
JIRA References: 
Sources used:
SUSE Manager Server 4.2 (src):    bluez-5.55-150300.3.19.1
SUSE Manager Retail Branch Server 4.2 (src):    bluez-5.55-150300.3.19.1
SUSE Manager Proxy 4.2 (src):    bluez-5.55-150300.3.19.1
SUSE Linux Enterprise Server for SAP 15-SP3 (src):    bluez-5.55-150300.3.19.1
SUSE Linux Enterprise Server 15-SP3-LTSS (src):    bluez-5.55-150300.3.19.1
SUSE Linux Enterprise Realtime Extension 15-SP3 (src):    bluez-5.55-150300.3.19.1
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (src):    bluez-5.55-150300.3.19.1
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (src):    bluez-5.55-150300.3.19.1
SUSE Enterprise Storage 7.1 (src):    bluez-5.55-150300.3.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2023-01-26 20:42:42 UTC
SUSE-SU-2023:0155-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1203120,1203121
CVE References: CVE-2022-39176,CVE-2022-39177
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    bluez-5.48-150000.5.46.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    bluez-5.48-150000.5.46.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    bluez-5.48-150000.5.46.1
SUSE Enterprise Storage 6 (src):    bluez-5.48-150000.5.46.1
SUSE CaaS Platform 4.0 (src):    bluez-5.48-150000.5.46.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2023-01-26 20:46:38 UTC
SUSE-SU-2023:0156-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1203120,1203121
CVE References: CVE-2022-39176,CVE-2022-39177
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    bluez-5.48-150200.13.22.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    bluez-5.48-150200.13.22.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    bluez-5.48-150200.13.22.1
SUSE Enterprise Storage 7 (src):    bluez-5.48-150200.13.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.