Gentoo Linux Security Advisory 202209-16 - Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution. Versions less than 5.63 are affected.
665e641a5e8b1bb883f56bf358f09daf4066682c626f4aaf8eea49daf5ff2361Ubuntu Security Notice 5343-1 - Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. It was discovered that the aufs file system in the Linux kernel did not properly restrict mount namespaces, when mounted with the non-default allow_userns option set. A local attacker could use this to gain administrative privileges.
f52b839ff13c30e863d5be66f515f639c4bbf6c3ac1911f54911c3a1db6abad1Red Hat Security Advisory 2021-4432-03 - The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts, and pcmcia configuration files.
6eca52b6194bbf394e7c5bf9b7c89b2b330a1affb01866344f9db229f21dc236Debian Linux Security Advisory 4951-1 - Several vulnerabilities were discovered in Bluez, the Linux Bluetooth protocol stack.
431d311d6156400aa4dd4fd7ef9b5e86f90421e808c0e7e5aa7f6a4c7ef192feUbuntu Security Notice 5050-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
15f18b4a1645df7896d1474336043a68629898f3145352b2946dd200efd3f028Ubuntu Security Notice 5046-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
911bcc859f7a0c9a9d1bae83c2f53e3ca1b9840869a5229252148bb51ba89399Ubuntu Security Notice 5018-1 - It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service or execute arbitrary code. Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4c1acb01997501488d94e4f295f9a8b096b13216c5f32c0bc98642127cd2ea8aUbuntu Security Notice 5017-1 - It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Various other issues were also addressed.
2eeefb31a25b77fe7591b7712630bbf4e79e970217c6805c3eafc7c444d44c09Ubuntu Security Notice 4989-2 - USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Various other issues were also addressed.
8720c245ff9d32e615ac12072fd408a3b7ff8626c06e4a6d72353f5814177f3aUbuntu Security Notice 4989-1 - It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.
9ce6d46d00d0a483d4190324ad1b23e72ff227a846328a5bacca58006f043db1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed