Heap Data Leak Vulnerability in BlueZ Bluetooth Stack by the Linux Foundation
CVE-2019-8921

6.5 MEDIUM

Key Information:

Vendor: Bluez
Status: Vendor
CVE Published: 29 November 2021

Summary

The BlueZ Bluetooth stack mishandles SVC_ATTR_REQ in its SDP implementation, which may lead to a heap data leak. The server trusts the continuation state (CSTATE) carried across consecutive requests, so a malicious actor can supply a crafted CSTATE. As a result, the function service_attr_req in sdpd-request.c can return more bytes than the allocated buffer holds, leaking arbitrary heap data. The flaw shows why a server must rigorously validate the data that shapes its service responses.
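
The validation the summary calls for, as an added example that is neither BlueZ code nor part of the advisory: a simplified C model of a server that serves a cached response in fragments and checks the client-supplied continuation offset before copying. The names cached_rsp, cont_state, next_fragment and the sample payload are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model, not BlueZ's structures: a cached response and the
 * continuation state that the client echoes back on its next request. */
struct cached_rsp { const uint8_t *data; size_t len; };
struct cont_state { uint16_t bytes_sent; };  /* client-controlled */

/* Copy the next fragment into out (capacity max_out). Returns the number of
 * bytes copied, 0 when the response is complete, -1 for an invalid state. */
int next_fragment(const struct cached_rsp *rsp, const struct cont_state *cs,
                  uint8_t *out, size_t max_out)
{
    size_t off = cs->bytes_sent;
    /* Validate before use. In this model, skipping the check lets
     * rsp->len - off wrap around, so the copy would read past the cache. */
    if (off > rsp->len)
        return -1;
    size_t remaining = rsp->len - off;
    size_t n = remaining < max_out ? remaining : max_out;
    memcpy(out, rsp->data + off, n);
    return (int)n;
}

/* Constructed sample: a 10-byte cached response served in 4-byte fragments. */
static const uint8_t payload[10] = "ABCDEFGHI";

int honest_total(void)  /* client echoes back the state it was given */
{
    struct cached_rsp rsp = { payload, sizeof payload };
    struct cont_state cs = { 0 };
    uint8_t out[4];
    int n, total = 0;
    while ((n = next_fragment(&rsp, &cs, out, sizeof out)) > 0) {
        cs.bytes_sent = (uint16_t)(cs.bytes_sent + n);
        total += n;
    }
    return total;
}

int out_of_range_state(void)  /* constructed offset beyond the cache */
{
    struct cached_rsp rsp = { payload, sizeof payload };
    struct cont_state cs = { 4000 };
    uint8_t out[4];
    return next_fragment(&rsp, &cs, out, sizeof out);
}

int main(void) { return honest_total() == 10 && out_of_range_state() == -1 ? 0 : 1; }
```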

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
