Bug 797712 (CVE-2020-26558, CVE-2021-0129, CVE-2021-3588) - <net-wireless/bluez-5.57: multiple vulnerabilities (CVE-2020-26558, CVE-2021-{0129,3588})
Alias: CVE-2020-26558, CVE-2021-0129, CVE-2021-3588
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B4 [glsa?]
Depends on:
Reported: 2021-06-23 02:45 UTC by John Helmert III
Modified: 2021-07-29 18:10 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III gentoo-dev Security 2021-06-23 02:45:21 UTC

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.


bluez $ git tag --contains 3a40bef49

Please clean up.
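
The class of bug described above (a peer-supplied read offset used as an array index without a bounds check), shown as an added C sketch with the unchecked and checked forms side by side. This is not BlueZ's code: `client_state`, `FEAT_LEN`, `read_unchecked` and `read_checked` are hypothetical names, and the array size is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATT_ERROR_INVALID_OFFSET 0x07 /* ATT protocol error "Invalid Offset" */
#define FEAT_LEN 1                    /* assumed size of the feature array */

/* Hypothetical per-client state; not BlueZ's real structure. */
struct client_state {
	uint8_t feat[FEAT_LEN];
	uint8_t other[4]; /* stands in for whatever sits next in memory */
};

/* Unchecked pattern: the peer-supplied offset indexes the array directly,
 * so any offset >= FEAT_LEN points past feat[] and the length is bogus. */
const uint8_t *read_unchecked(const struct client_state *s,
			      uint16_t offset, size_t *len)
{
	*len = (size_t)(FEAT_LEN - offset); /* huge when offset > FEAT_LEN */
	return s->feat + offset;
}

/* Checked pattern: validate offset before forming the pointer. Returns 0 or
 * an ATT error code; rejecting offset == FEAT_LEN too is an assumption. */
uint8_t read_checked(const struct client_state *s, uint16_t offset,
		     const uint8_t **value, size_t *len)
{
	*value = NULL;
	*len = 0;
	if (offset >= FEAT_LEN)
		return ATT_ERROR_INVALID_OFFSET;
	*value = s->feat + offset;
	*len = (size_t)(FEAT_LEN - offset);
	return 0;
}

int main(void)
{
	struct client_state s = { { 0x01 }, { 0xde, 0xad, 0xbe, 0xef } };
	const uint16_t offsets[] = { 0, 1, 2, 0xffff }; /* constructed inputs */
	for (size_t i = 0; i < sizeof(offsets) / sizeof(offsets[0]); i++) {
		const uint8_t *v;
		size_t n;
		uint8_t err = read_checked(&s, offsets[i], &v, &n);
		printf("offset %u -> err 0x%02x, len %zu\n",
		       (unsigned)offsets[i], (unsigned)err, n);
	}
	return 0;
}
```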
Comment 1 John Helmert III gentoo-dev Security 2021-06-23 02:49:55 UTC
Actually, an Intel advisory seems to indicate 5.57 fixes a couple more CVEs:


Description: Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.


Description: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
Comment 2 John Helmert III gentoo-dev Security 2021-06-23 02:55:43 UTC
(In reply to John Helmert III from comment #1)
> Actually, an Intel advisory seems to indicate 5.57 fixes a couple more CVEs:

Forgot to actually link the advisory:
Comment 3 Larry the Git Cow gentoo-dev 2021-06-23 07:53:45 UTC
The bug has been referenced in the following commit(s):

commit dc88877a2411735d828da371cd8b72b2173625f5
Author:     Pacho Ramos <>
AuthorDate: 2021-06-23 07:52:09 +0000
Commit:     Pacho Ramos <>
CommitDate: 2021-06-23 07:53:39 +0000

    net-wireless/bluez: Drop old
    Package-Manager: Portage-3.0.19, Repoman-3.0.3
    Signed-off-by: Pacho Ramos <>

 net-wireless/bluez/Manifest                        |   2 -
 net-wireless/bluez/bluez-5.55.ebuild               | 299 ---------------------
 net-wireless/bluez/bluez-5.56-r1.ebuild            | 296 --------------------
 .../bluez/files/bluez-5.56-avdtp-disconnects.patch |  41 ---
 4 files changed, 638 deletions(-)
Comment 4 John Helmert III gentoo-dev Security 2021-06-23 21:22:35 UTC
Thank you!
Comment 11 NATTkA bot gentoo-dev 2021-07-29 18:10:00 UTC
Package list is empty or all packages have requested keywords.