Bug 797712 (CVE-2020-26558, CVE-2021-0129, CVE-2021-3588) - <net-wireless/bluez-5.57: multiple vulnerabilities (CVE-2020-26558, CVE-2021-{0129,3588})
Summary: <net-wireless/bluez-5.57: multiple vulnerabilities (CVE-2020-26558, CVE-2021-...
Status: IN_PROGRESS
Alias: CVE-2020-26558, CVE-2021-0129, CVE-2021-3588
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/bluez/bluez/issues/70
Whiteboard: B4 [glsa?]
Keywords:
Depends on:
Blocks:
Reported: 2021-06-23 02:45 UTC by John Helmert III
Modified: 2021-06-23 21:22 UTC

See Also:
Package list:
Runtime testing required: ---

Description John Helmert III gentoo-dev Security 2021-06-23 02:45:21 UTC
CVE-2021-3588:

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.


Patch: https://github.com/bluez/bluez/commit/3a40bef49

bluez $ git tag --contains 3a40bef49
5.56
5.57
5.58

Please clean up.
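As an added illustration of the bug class named above (an ATT read callback that uses a client-supplied offset as an array index without checking it), here is a constructed read handler with the bounds check in place. This is example code written for this bug entry, not bluez's cli_feat_read_cb() or its upstream patch; the attribute value, the function name cli_feat_read_checked() and the read_result struct are all hypothetical, and only the ATT "Invalid Offset" error code (0x07) comes from the Bluetooth Core specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ATT error code returned when a read offset lies past the end of the
   attribute value (Bluetooth Core spec, "Invalid Offset"). */
#define ATT_ECODE_INVALID_OFFSET 0x07

/* Constructed attribute value standing in for whatever the real
   callback serves; it is not data from bluez. */
static const uint8_t cli_feat_value[] = { 0x01, 0x02, 0x03 };

/* Outcome of a bounds-checked attribute read. */
struct read_result {
    uint8_t ecode;  /* 0 on success, otherwise an ATT error code */
    size_t  len;    /* number of bytes copied into the caller's buffer */
};

/* Hypothetical read callback: copy cli_feat_value starting at 'offset'
   into 'out' (capacity 'out_cap'). The offset check is the part a
   vulnerable handler lacks: an offset beyond the value must be rejected
   before it is ever used in pointer arithmetic or as an index. */
struct read_result cli_feat_read_checked(uint16_t offset,
                                         uint8_t *out, size_t out_cap)
{
    struct read_result r = { 0, 0 };
    size_t value_len = sizeof(cli_feat_value);

    /* Reject out-of-range offsets up front; 'offset' is attacker-controlled
       (it arrives in an ATT Read Blob request from the peer). */
    if (offset > value_len) {
        r.ecode = ATT_ECODE_INVALID_OFFSET;
        return r;
    }

    /* offset == value_len is legal and yields an empty read; the
       subtraction cannot underflow because of the check above. */
    size_t remaining = value_len - offset;
    if (remaining > out_cap)
        remaining = out_cap;  /* also respect the output buffer's capacity */

    memcpy(out, cli_feat_value + offset, remaining);
    r.len = remaining;
    return r;
}

int main(void)
{
    uint8_t buf[8];
    const uint16_t offsets[] = { 0, 2, 3, 4, 0xffff };

    for (size_t i = 0; i < sizeof(offsets) / sizeof(offsets[0]); i++) {
        struct read_result r = cli_feat_read_checked(offsets[i], buf, sizeof buf);
        printf("offset %5u -> ecode 0x%02x, %zu byte(s)\n",
               offsets[i], r.ecode, r.len);
    }
    return 0;
}
```

The two checks are deliberately separate: the offset check protects the source array (the defect described in this bug), while the capacity clamp protects the destination buffer. A handler that only clamps to the output capacity would still read past the attribute value for a large offset.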
Comment 1 John Helmert III gentoo-dev Security 2021-06-23 02:49:55 UTC
Actually, an Intel advisory seems to indicate 5.57 fixes a couple more CVEs:

CVE-2021-0129:

Description: Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.

CVE-2020-26558:

Description: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
Comment 2 John Helmert III gentoo-dev Security 2021-06-23 02:55:43 UTC
(In reply to John Helmert III from comment #1)
> Actually, an Intel advisory seems to indicate 5.57 fixes a couple more CVEs:

Forgot to actually link the advisory:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
Comment 3 Larry the Git Cow gentoo-dev 2021-06-23 07:53:45 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc88877a2411735d828da371cd8b72b2173625f5

commit dc88877a2411735d828da371cd8b72b2173625f5
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2021-06-23 07:52:09 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2021-06-23 07:53:39 +0000

    net-wireless/bluez: Drop old
    
    Bug: https://bugs.gentoo.org/797712
    Package-Manager: Portage-3.0.19, Repoman-3.0.3
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 net-wireless/bluez/Manifest                        |   2 -
 net-wireless/bluez/bluez-5.55.ebuild               | 299 ---------------------
 net-wireless/bluez/bluez-5.56-r1.ebuild            | 296 --------------------
 .../bluez/files/bluez-5.56-avdtp-disconnects.patch |  41 ---
 4 files changed, 638 deletions(-)
Comment 4 John Helmert III gentoo-dev Security 2021-06-23 21:22:35 UTC
Thank you!