Denial of Service Vulnerability in BlueZ by the Linux Foundation
CVE-2022-39177

8.8HIGH

Key Information:

Vendor: Bluez
Status: Bluez
Vendor: CVE Published:; 2 September 2022

What is CVE-2022-39177?

Certain versions of BlueZ prior to 5.59 are susceptible to a denial of service attack. By exploiting a vulnerability in the processing of malformed and invalid capabilities within the AVDTP profile, attackers in physical proximity can disrupt the functionality of the affected device. This could lead to significant service interruptions and potential exploitation of connected systems.

References

https://ubuntu.com/security/notices/USN-5481-1

https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968

https://security.netapp.com/advisory/ntap-20221020-0002/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2022
Vulnerability Reserved
Sep 2, 2022

Bluez

What is CVE-2022-39177?

References

CVSS V3.1

Timeline