2125965 – (CVE-2022-39177) CVE-2022-39177 bluez: BlueZ allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c

Bug 2125965 (CVE-2022-39177) - CVE-2022-39177 bluez: BlueZ allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c

Summary: CVE-2022-39177 bluez: BlueZ allows physically proximate attackers to cause a ...

Keywords:
Status:	NEW
Alias:	CVE-2022-39177
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2125971 2125972 2125973
Blocks:	2123781
TreeView+	depends on / blocked

Reported:	2022-09-12 06:22 UTC by Sandipan Roy
Modified:	2023-07-07 08:33 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in BlueZ. This flaw allows physically proximate attackers to cause a denial of service due to malformed and invalid capabilities processed in profiles/audio/avdtp.c.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Sandipan Roy 2022-09-12 06:22:50 UTC

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.

https://ubuntu.com/security/notices/USN-5481-1
https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968

Comment 1 Sandipan Roy 2022-09-12 06:37:39 UTC

Created bluez tracking bugs for this issue:

Affects: fedora-all [bug 2125972]

Note You need to log in before you can comment on or make changes to this bug.