CVE-2021-0129 — Improper Authentication in Bluez

CWE-287 — Improper Authentication CWE-863 — Incorrect Authorization17 documents6 sources

Severity

5.7MEDIUMNVD

OSV7.8OSV5.4OSV4.2OSV3.5

EPSS

0.1%

top 64.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bluez Linux Kernel Debian Bluez +3 more

Timeline

PublishedJun 9

Latest updateMay 24

Description

Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages7 packages

▶NVDbluez/bluez< 5.57

▶debiandebian/bluez< bluez 5.55-3.1 (bookworm)

▶Debianbluez/bluez< 5.55-3.1+3

▶CVEListV5bluez/bluezSee references

▶debiandebian/linux< bluez 5.55-3.1 (bookworm)

Also affects: Debian Linux 9.0, Enterprise Linux 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-98mf-qrx3-4856: Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access↗2022-05-24

▶

OSV

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities↗2022-03-22

▶

OSV

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities↗2022-02-22

▶

OSV

linux-aws-5.8, linux-azure-5.8, linux-gcp-5.8, linux-oracle-5.8 vulnerabilities↗2021-08-24

▶

OSV

linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.11, linux-kvm, linux-oracle, linux-raspi vulnerabilities↗2021-08-18

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2022-03-22

▶

Ubuntu

Linux kernel vulnerabilities↗2022-02-22

▶

Ubuntu

Linux kernel vulnerabilities↗2021-08-24

▶

Ubuntu

Linux kernel vulnerabilities↗2021-08-18

▶

Ubuntu

Linux kernel vulnerabilities↗2021-07-20

▶