Bug 749285 (CVE-2020-27153) - <net-wireless/bluez-5.55: double free in the gatttool disconnect_cb() routine from shared/att.c could cause a DoS or code execution (CVE-2020-27153)
Status: RESOLVED FIXED
Alias: CVE-2020-27153
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://github.com/bluez/bluez/commit...
Whiteboard: B2 [glsa+ cve]
Reported: 2020-10-15 13:12 UTC by filip ambroz
Modified: 2020-11-03 00:53 UTC
Description filip ambroz 2020-10-15 13:12:01 UTC
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.

Links:
https://nvd.nist.gov/vuln/detail/CVE-2020-27153
https://bugzilla.redhat.com/show_bug.cgi?id=1884817

Patch:
https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
Comment 1 John Helmert III gentoo-dev Security 2020-10-15 13:59:03 UTC
Maintainer, please stabilize when ready.
Comment 2 Sam James archtester gentoo-dev Security 2020-10-17 23:50:14 UTC
arm64 stable
Comment 3 Pacho Ramos gentoo-dev 2020-10-18 14:37:31 UTC
amd64 stable
Comment 4 Thomas Deutschmann gentoo-dev Security 2020-10-18 15:12:18 UTC
x86 stable
Comment 5 Sam James archtester gentoo-dev Security 2020-10-18 23:54:59 UTC
arm done
Comment 6 Sergei Trofimovich gentoo-dev 2020-10-20 07:11:37 UTC
ppc/ppc64 stable
Comment 7 Sam James archtester gentoo-dev Security 2020-10-20 10:50:38 UTC
Please cleanup.
Comment 8 Larry the Git Cow gentoo-dev 2020-10-24 22:23:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a9fa005b8404eaa55cfb6cf14b2e26c98a2715af

commit a9fa005b8404eaa55cfb6cf14b2e26c98a2715af
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2020-10-24 22:23:36 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2020-10-24 22:23:36 +0000

    net-wireless/bluez: Drop old
    
    Bug: https://bugs.gentoo.org/749285
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 net-wireless/bluez/Manifest          |   1 -
 net-wireless/bluez/bluez-5.54.ebuild | 297 -----------------------------------
 2 files changed, 298 deletions(-)
Comment 9 John Helmert III gentoo-dev Security 2020-10-25 00:26:27 UTC
Thanks all!
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2020-11-03 00:53:58 UTC
This issue was resolved and addressed in
 GLSA 202011-01 at https://security.gentoo.org/glsa/202011-01
by GLSA coordinator Sam James (sam_c).