Bug 1203121 - (CVE-2022-39176) VUL-0: CVE-2022-39176: bluez: improper parameter length verification in AVRCP could allow physically proximate attackers to obtain sensitive information
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware/OS: Other / Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Joey Lee
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/341392/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-39176:7.3:(AV:...
Reported: 2022-09-05 12:38 UTC by Carlos López
Modified: 2022-10-23 15:58 UTC (History)
Found By: Security Response Team
Flags: gabriele.sonnu: needinfo? (jlee)

Description Carlos López 2022-09-05 12:38:17 UTC
CVE-2022-39176

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive
information because profiles/audio/avrcp.c does not validate params_len.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39176
https://www.cve.org/CVERecord?id=CVE-2022-39176
http://www.cvedetails.com/cve/CVE-2022-39176/
https://ubuntu.com/security/notices/USN-5481-1
https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
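The defect class named in the description, as an added illustration that is not code from BlueZ or from this report: a parser that trusts the params_len field of an AVRCP vendor-dependent PDU, beside one that checks it against the bytes actually received. The header layout follows the AVRCP specification; the struct and function names and the sample packets are constructed here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* AVRCP vendor-dependent PDU header as it appears on the wire (per the AVRCP spec):
 * company_id[3], pdu_id, packet_type, params_len (2 bytes big-endian), then params. */
#define AVRCP_HEADER_LEN 7
struct avrcp_pdu {              /* hypothetical name; not BlueZ's own struct */
    uint8_t company_id[3], pdu_id, packet_type;
    uint16_t params_len;        /* host order after parsing */
    const uint8_t *params;
};

/* Vulnerable pattern: params_len is taken from the packet and never compared with
 * len, so code that later reads params[0..params_len) walks past the bytes that
 * were actually received and can copy stale buffer memory into its reply. */
static int parse_pdu_unchecked(const uint8_t *buf, size_t len, struct avrcp_pdu *out)
{
    if (len < AVRCP_HEADER_LEN)
        return -1;
    memcpy(out->company_id, buf, 3);
    out->pdu_id = buf[3];
    out->packet_type = buf[4] & 0x03;
    out->params_len = (uint16_t)((buf[5] << 8) | buf[6]);
    out->params = buf + AVRCP_HEADER_LEN;
    return 0;
}

/* Checked version: the claimed params_len must fit in what was received. */
static int parse_pdu_checked(const uint8_t *buf, size_t len, struct avrcp_pdu *out)
{
    if (parse_pdu_unchecked(buf, len, out) < 0)
        return -1;
    if ((size_t)out->params_len > len - AVRCP_HEADER_LEN)
        return -1;              /* over-claimed length: reject the whole PDU */
    return 0;
}

/* Test helper: params_len the chosen parser accepts, or -1 if it rejects the PDU. */
static int accepted_params_len(const uint8_t *buf, size_t len, int checked)
{
    struct avrcp_pdu pdu;
    int rc = checked ? parse_pdu_checked(buf, len, &pdu) : parse_pdu_unchecked(buf, len, &pdu);
    return rc == 0 ? (int)pdu.params_len : -1;
}

/* Constructed samples (not captures): sample_short claims 4 parameter bytes but carries 2. */
static const uint8_t sample_short[] = {0x00,0x19,0x58, 0x10, 0x00, 0x00,0x04, 0xaa,0xbb};
static const uint8_t sample_ok[]    = {0x00,0x19,0x58, 0x10, 0x00, 0x00,0x02, 0xaa,0xbb};
```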
Comment 1 Carlos López 2022-09-05 12:39:41 UTC
Affected:
 - SUSE:SLE-11-SP3:Update
 - SUSE:SLE-12-SP2:Update
 - SUSE:SLE-15:Update
 - SUSE:SLE-15-SP2:Update
 - SUSE:SLE-15-SP3:Update

Already fixed in SUSE:SLE-15-SP4:Update.

Fixed in:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e21680c9355a0f9d5ef6d4a5ae032de274e87b37