Denial of Service Vulnerability in BlueZ by the Linux Foundation
CVE-2022-39177

8.8HIGH

Key Information:

Vendor
Bluez
Status
Bluez
Vendor
CVE Published:
2 September 2022

Summary

Certain versions of BlueZ prior to 5.59 are susceptible to a denial of service attack. By exploiting a vulnerability in the processing of malformed and invalid capabilities within the AVDTP profile, attackers in physical proximity can disrupt the functionality of the affected device. This could lead to significant service interruptions and potential exploitation of connected systems.

References

https://ubuntu.com/security/notices/USN-5481-1
https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
https://security.netapp.com/advisory/ntap-20221020-0002/

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-39177 : Denial of Service Vulnerability in BlueZ by the Linux Foundation | SecurityVulnerability.io