In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
Maintainer, please stabilize when ready.
The bug has been referenced in the following commit(s):
Author: Pacho Ramos <email@example.com>
AuthorDate: 2020-10-24 22:23:36 +0000
Commit: Pacho Ramos <firstname.lastname@example.org>
CommitDate: 2020-10-24 22:23:36 +0000
net-wireless/bluez: Drop old
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Pacho Ramos <email@example.com>
net-wireless/bluez/Manifest | 1 -
net-wireless/bluez/bluez-5.54.ebuild | 297 -----------------------------------
2 files changed, 298 deletions(-)
This issue was resolved and addressed in
GLSA 202011-01 at https://security.gentoo.org/glsa/202011-01
by GLSA coordinator Sam James (sam_c).