CVE-2018-16264

CWE-200 — Information Exposure3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 56.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Tizen

Timeline

PublishedJan 22

Latest updateMay 24

Description

The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDlinux/tizen11 versions+10

🔴Vulnerability Details

GHSA

GHSA-gcr3-7gvg-jhhf: The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bu↗2022-05-24

▶

CVEList

CVE-2018-16264: The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bu↗2020-01-22

▶