DSA-4951-1 bluez -- bluezID: oval:org.secpod.oval:def:74574 | Date: (C)2021-08-23 (M)2024-02-19 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in Bluez, the Linux Bluetooth protocol stack. CVE-2020-26558 / CVE-2021-0129 It was discovered that Bluez does not properly check permissions during pairing operation, which could allow an attacker to impersonate the initiating device. CVE-2020-27153 Jay LV discovered a double free flaw in the disconnect_cb routine in the gattool. A remote attacker can take advantage of this flaw during service discovery for denial of service, or potentially, execution of arbitrary code.