In CreateAudioBroadcast of, there is a possible out of bounds write due to a missing bounds check. User interaction is not needed for exploitation. This could lead to local information disclosure with User execution privileges needed. In parse_gap_data of, there is a possible out of bounds read due to a missing bounds check. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c

bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition. Successful exploitation of this vulnerability may allow attackers to access restricted functions.

A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution. Successful exploitation of this vulnerability may allow attackers to access restricted functions. The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. This could lead to paired device information disclosure with no additional execution privileges needed. In multiple locations, there is a possible out of bounds read due to a missing bounds check.

This could lead to local information disclosure with no additional execution privileges needed. In btif_to_bta_response of btif_gatt_, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. In attp_build_read_by_type_value_cmd of att_, there is a possible out of bounds write due to improper input validation. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write); if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read.

A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients; this results in all Bluetooth operations, such as advertising and scanning, to stop.

A session management issue was addressed with improved checks. The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction. Microsoft Bluetooth Driver Spoofing Vulnerability. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1. This vulnerability is associated with program files.

Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This issue affects Linux kernel: v2.6.12-rc2. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This can result in integer overflow issue, possibly leading to bluetooth connection abnormality or denial of service. A race condition was found in the Linux kernel's bluetooth device driver in _age_set() function.