Bug 1210398 (CVE-2023-27349) - VUL-0: CVE-2023-27349: bluez: stack overflow during AVRCP event handling
Status: RESOLVED FIXED
Alias: CVE-2023-27349
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium; Severity: Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/363337/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-27349:8.0:(AV:...
Reported: 2023-04-13 08:43 UTC by Carlos López
Modified: 2024-02-27 12:01 UTC
Found By: Security Response Team

Description Carlos López 2023-04-13 08:43:40 UTC
CVE-2023-27349

This vulnerability allows network-adjacent attackers to execute arbitrary code
via Bluetooth on affected installations of BlueZ. User interaction is required
to exploit this vulnerability in that the target must connect to a malicious
device.

The specific flaw exists within the handling of the AVRCP protocol. The issue
results from the lack of proper validation of user-supplied data, which can
result in a write past the end of an allocated buffer. An attacker can leverage
this vulnerability to execute code in the context of root.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27349
https://www.zerodayinitiative.com/advisories/ZDI-23-386/
Comment 1 Carlos López 2023-04-13 08:46:55 UTC
Affects:
- SUSE:SLE-15:Update/bluez
- SUSE:SLE-15-SP2:Update/bluez
- SUSE:SLE-15-SP3:Update/bluez
- SUSE:SLE-15-SP4:Update/bluez
- SUSE:SLE-15-SP5:Update/bluez

The patch could also be backported to SUSE:SLE-12-SP2:Update.
Comment 2 Joey Lee 2023-04-24 05:18:33 UTC
avrcp: Fix crash while handling unsupported events
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f54299a850676d92c3dafd83e9174fcfe420ccc9

I will backport the above patch.
Comment 5 Joey Lee 2023-06-13 08:33:49 UTC
(In reply to Carlos López from comment #1)

updated status:

- SUSE:SLE-15:Update/bluez      [sent, SR#301063]
- SUSE:SLE-15-SP2:Update/bluez  [sent, SR#301057]
- SUSE:SLE-15-SP3:Update/bluez  [sent, SR#301056]
- SUSE:SLE-15-SP4:Update/bluez  [Sent, SR#301055]
- SUSE:SLE-15-SP5:Update/bluez  [Sent, SR#301054]
Comment 7 Joey Lee 2023-06-14 03:51:19 UTC
(In reply to Joey Lee from comment #5)

update status:

- SUSE:SLE-15:Update/bluez      [accepted, SR#301063]
- SUSE:SLE-15-SP2:Update/bluez  [accepted, SR#301057]
- SUSE:SLE-15-SP3:Update/bluez  [accepted, SR#301056]
- SUSE:SLE-15-SP4:Update/bluez  [accepted, SR#301055]
- SUSE:SLE-15-SP5:Update/bluez  [accepted, SR#301054]
Comment 8 Joey Lee 2023-06-14 04:17:02 UTC
(In reply to Joey Lee from comment #7)

update status:

- SUSE:SLE-12-SP2:Update/bluez  [Sent, SR#301142]
Comment 10 Maintenance Automation 2023-06-19 08:30:30 UTC
SUSE-SU-2023:2533-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1210398
CVE References: CVE-2023-27349
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): bluez-5.48-150000.5.49.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): bluez-5.48-150000.5.49.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): bluez-5.48-150000.5.49.1
SUSE CaaS Platform 4.0 (src): bluez-5.48-150000.5.49.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Maintenance Automation 2023-06-19 12:30:20 UTC
SUSE-SU-2023:2546-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1210398
CVE References: CVE-2023-27349
Sources used:
openSUSE Leap 15.5 (src): bluez-5.65-150500.3.3.1
Basesystem Module 15-SP5 (src): bluez-5.65-150500.3.3.1
Desktop Applications Module 15-SP5 (src): bluez-5.65-150500.3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP5 (src): bluez-5.65-150500.3.3.1

Comment 12 Maintenance Automation 2023-06-19 12:30:23 UTC
SUSE-SU-2023:2545-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1210398
CVE References: CVE-2023-27349
Sources used:
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): bluez-5.48-150200.13.25.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): bluez-5.48-150200.13.25.1
SUSE Enterprise Storage 7 (src): bluez-5.48-150200.13.25.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): bluez-5.48-150200.13.25.1

Comment 13 Maintenance Automation 2023-06-21 12:31:58 UTC
SUSE-SU-2023:2562-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1210398
CVE References: CVE-2023-27349
Sources used:
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise Server 12 SP5 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): bluez-5.13-5.39.1
SUSE OpenStack Cloud 9 (src): bluez-5.13-5.39.1
SUSE OpenStack Cloud Crowbar 9 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): bluez-5.13-5.39.1

Comment 14 Maintenance Automation 2023-06-22 08:30:31 UTC
SUSE-SU-2023:2605-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1210398
CVE References: CVE-2023-27349
Sources used:
Desktop Applications Module 15-SP4 (src): bluez-5.62-150400.4.13.1
SUSE Linux Enterprise Workstation Extension 15 SP4 (src): bluez-5.62-150400.4.13.1
openSUSE Leap Micro 5.3 (src): bluez-5.62-150400.4.13.1
openSUSE Leap 15.4 (src): bluez-5.62-150400.4.13.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): bluez-5.62-150400.4.13.1
SUSE Linux Enterprise Micro 5.3 (src): bluez-5.62-150400.4.13.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): bluez-5.62-150400.4.13.1
SUSE Linux Enterprise Micro 5.4 (src): bluez-5.62-150400.4.13.1
Basesystem Module 15-SP4 (src): bluez-5.62-150400.4.13.1

Comment 15 Joey Lee 2023-06-27 04:44:51 UTC
(In reply to Joey Lee from comment #8)

- SUSE:SLE-12-SP2:Update/bluez  [accepted, SR#301142]

Reset assigner.
Comment 17 Maintenance Automation 2024-02-27 12:01:52 UTC
SUSE-SU-2023:2613-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1210398
CVE References: CVE-2023-27349
Sources used:
openSUSE Leap 15.3 (src): bluez-5.55-150300.3.22.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): bluez-5.55-150300.3.22.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): bluez-5.55-150300.3.22.1
SUSE Linux Enterprise Real Time 15 SP3 (src): bluez-5.55-150300.3.22.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): bluez-5.55-150300.3.22.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): bluez-5.55-150300.3.22.1
SUSE Manager Proxy 4.2 (src): bluez-5.55-150300.3.22.1
SUSE Manager Retail Branch Server 4.2 (src): bluez-5.55-150300.3.22.1
SUSE Manager Server 4.2 (src): bluez-5.55-150300.3.22.1
SUSE Enterprise Storage 7.1 (src): bluez-5.55-150300.3.22.1
