Bugzilla – Bug 1210398
VUL-0: CVE-2023-27349: bluez: stack overflow during AVRCP event handling
Last modified: 2024-02-27 12:01:52 UTC
CVE-2023-27349

This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.

The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27349
https://www.zerodayinitiative.com/advisories/ZDI-23-386/
Affects:
- SUSE:SLE-15:Update/bluez
- SUSE:SLE-15-SP2:Update/bluez
- SUSE:SLE-15-SP3:Update/bluez
- SUSE:SLE-15-SP4:Update/bluez
- SUSE:SLE-15-SP5:Update/bluez

The patch could also be backported to SUSE:SLE-12-SP2:Update.
avrcp: Fix crash while handling unsupported events
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f54299a850676d92c3dafd83e9174fcfe420ccc9

I will backport the above patch.
(In reply to Carlos López from comment #1)
> Affects:
> - SUSE:SLE-15:Update/bluez
> - SUSE:SLE-15-SP2:Update/bluez
> - SUSE:SLE-15-SP3:Update/bluez
> - SUSE:SLE-15-SP4:Update/bluez
> - SUSE:SLE-15-SP5:Update/bluez
>
> The patch could also be backported to SUSE:SLE-12-SP2:Update.

updated status:
- SUSE:SLE-15:Update/bluez [sent, SR#301063]
- SUSE:SLE-15-SP2:Update/bluez [sent, SR#301057]
- SUSE:SLE-15-SP3:Update/bluez [sent, SR#301056]
- SUSE:SLE-15-SP4:Update/bluez [Sent, SR#301055]
- SUSE:SLE-15-SP5:Update/bluez [Sent, SR#301054]
(In reply to Joey Lee from comment #5)
> (In reply to Carlos López from comment #1)
> > Affects:
> > - SUSE:SLE-15:Update/bluez
> > - SUSE:SLE-15-SP2:Update/bluez
> > - SUSE:SLE-15-SP3:Update/bluez
> > - SUSE:SLE-15-SP4:Update/bluez
> > - SUSE:SLE-15-SP5:Update/bluez
> >
> > The patch could also be backported to SUSE:SLE-12-SP2:Update.
>
> updated status:
>
> - SUSE:SLE-15:Update/bluez [sent, SR#301063]
> - SUSE:SLE-15-SP2:Update/bluez [sent, SR#301057]
> - SUSE:SLE-15-SP3:Update/bluez [sent, SR#301056]
> - SUSE:SLE-15-SP4:Update/bluez [Sent, SR#301055]
> - SUSE:SLE-15-SP5:Update/bluez [Sent, SR#301054]

update status:
- SUSE:SLE-15:Update/bluez [accepted, SR#301063]
- SUSE:SLE-15-SP2:Update/bluez [accepted, SR#301057]
- SUSE:SLE-15-SP3:Update/bluez [accepted, SR#301056]
- SUSE:SLE-15-SP4:Update/bluez [accepted, SR#301055]
- SUSE:SLE-15-SP5:Update/bluez [accepted, SR#301054]
(In reply to Joey Lee from comment #7)
> (In reply to Joey Lee from comment #5)
> > (In reply to Carlos López from comment #1)
> > > Affects:
> > > - SUSE:SLE-15:Update/bluez
> > > - SUSE:SLE-15-SP2:Update/bluez
> > > - SUSE:SLE-15-SP3:Update/bluez
> > > - SUSE:SLE-15-SP4:Update/bluez
> > > - SUSE:SLE-15-SP5:Update/bluez
> > >
> > > The patch could also be backported to SUSE:SLE-12-SP2:Update.
> >
> > updated status:
> >
> > - SUSE:SLE-15:Update/bluez [sent, SR#301063]
> > - SUSE:SLE-15-SP2:Update/bluez [sent, SR#301057]
> > - SUSE:SLE-15-SP3:Update/bluez [sent, SR#301056]
> > - SUSE:SLE-15-SP4:Update/bluez [Sent, SR#301055]
> > - SUSE:SLE-15-SP5:Update/bluez [Sent, SR#301054]
>
> update status:
>
> - SUSE:SLE-15:Update/bluez [accepted, SR#301063]
> - SUSE:SLE-15-SP2:Update/bluez [accepted, SR#301057]
> - SUSE:SLE-15-SP3:Update/bluez [accepted, SR#301056]
> - SUSE:SLE-15-SP4:Update/bluez [accepted, SR#301055]
> - SUSE:SLE-15-SP5:Update/bluez [accepted, SR#301054]

update status:
- SUSE:SLE-12-SP2:Update/bluez [Sent, SR#301142]
SUSE-SU-2023:2533-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1210398
CVE References: CVE-2023-27349
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): bluez-5.48-150000.5.49.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): bluez-5.48-150000.5.49.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): bluez-5.48-150000.5.49.1
SUSE CaaS Platform 4.0 (src): bluez-5.48-150000.5.49.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2546-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1210398
CVE References: CVE-2023-27349
Sources used:
openSUSE Leap 15.5 (src): bluez-5.65-150500.3.3.1
Basesystem Module 15-SP5 (src): bluez-5.65-150500.3.3.1
Desktop Applications Module 15-SP5 (src): bluez-5.65-150500.3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP5 (src): bluez-5.65-150500.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2545-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1210398
CVE References: CVE-2023-27349
Sources used:
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): bluez-5.48-150200.13.25.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): bluez-5.48-150200.13.25.1
SUSE Enterprise Storage 7 (src): bluez-5.48-150200.13.25.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): bluez-5.48-150200.13.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2562-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1210398
CVE References: CVE-2023-27349
Sources used:
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise Server 12 SP5 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): bluez-5.13-5.39.1
SUSE OpenStack Cloud 9 (src): bluez-5.13-5.39.1
SUSE OpenStack Cloud Crowbar 9 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): bluez-5.13-5.39.1
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): bluez-5.13-5.39.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2605-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1210398
CVE References: CVE-2023-27349
Sources used:
Desktop Applications Module 15-SP4 (src): bluez-5.62-150400.4.13.1
SUSE Linux Enterprise Workstation Extension 15 SP4 (src): bluez-5.62-150400.4.13.1
openSUSE Leap Micro 5.3 (src): bluez-5.62-150400.4.13.1
openSUSE Leap 15.4 (src): bluez-5.62-150400.4.13.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): bluez-5.62-150400.4.13.1
SUSE Linux Enterprise Micro 5.3 (src): bluez-5.62-150400.4.13.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): bluez-5.62-150400.4.13.1
SUSE Linux Enterprise Micro 5.4 (src): bluez-5.62-150400.4.13.1
Basesystem Module 15-SP4 (src): bluez-5.62-150400.4.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
(In reply to Joey Lee from comment #8)
> (In reply to Joey Lee from comment #7)
> > (In reply to Joey Lee from comment #5)
> > > (In reply to Carlos López from comment #1)
> > > > Affects:
> > > > - SUSE:SLE-15:Update/bluez
> > > > - SUSE:SLE-15-SP2:Update/bluez
> > > > - SUSE:SLE-15-SP3:Update/bluez
> > > > - SUSE:SLE-15-SP4:Update/bluez
> > > > - SUSE:SLE-15-SP5:Update/bluez
> > > >
> > > > The patch could also be backported to SUSE:SLE-12-SP2:Update.
> > >
> > > updated status:
> > >
> > > - SUSE:SLE-15:Update/bluez [sent, SR#301063]
> > > - SUSE:SLE-15-SP2:Update/bluez [sent, SR#301057]
> > > - SUSE:SLE-15-SP3:Update/bluez [sent, SR#301056]
> > > - SUSE:SLE-15-SP4:Update/bluez [Sent, SR#301055]
> > > - SUSE:SLE-15-SP5:Update/bluez [Sent, SR#301054]
> >
> > update status:
> >
> > - SUSE:SLE-15:Update/bluez [accepted, SR#301063]
> > - SUSE:SLE-15-SP2:Update/bluez [accepted, SR#301057]
> > - SUSE:SLE-15-SP3:Update/bluez [accepted, SR#301056]
> > - SUSE:SLE-15-SP4:Update/bluez [accepted, SR#301055]
> > - SUSE:SLE-15-SP5:Update/bluez [accepted, SR#301054]
>
> update status:
>
> - SUSE:SLE-12-SP2:Update/bluez [Sent, SR#301142]

- SUSE:SLE-12-SP2:Update/bluez [accepted, SR#301142]

Reset assigner.
SUSE-SU-2023:2613-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1210398
CVE References: CVE-2023-27349
Sources used:
openSUSE Leap 15.3 (src): bluez-5.55-150300.3.22.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): bluez-5.55-150300.3.22.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): bluez-5.55-150300.3.22.1
SUSE Linux Enterprise Real Time 15 SP3 (src): bluez-5.55-150300.3.22.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): bluez-5.55-150300.3.22.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): bluez-5.55-150300.3.22.1
SUSE Manager Proxy 4.2 (src): bluez-5.55-150300.3.22.1
SUSE Manager Retail Branch Server 4.2 (src): bluez-5.55-150300.3.22.1
SUSE Manager Server 4.2 (src): bluez-5.55-150300.3.22.1
SUSE Enterprise Storage 7.1 (src): bluez-5.55-150300.3.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.