CVE-2020-0556
Publication date 12 March 2020
Last updated 24 July 2024
Ubuntu priority
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| bluez | ||
| 18.04 LTS bionic |
Fixed 5.48-0ubuntu3.4
|
|
| 16.04 LTS xenial |
Fixed 5.37-0ubuntu5.3
|
|
| 14.04 LTS trusty | Not in release |
Notes
alexmurray
Affects versions before 5.53 according to the Intel advisory
mdeslaur
while the Intel advisory says "below 5.53", the commits that actually fix the issue appear to have been added after 5.53 was released. Marking focal as needed until further information is available. Intel advisory was updates on 2020-03-16 to change fixed version to 5.54.
Patch details
| Package | Patch details |
|---|---|
| bluez |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.1 · High
|
| Attack vector | Adjacent |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Changed |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L |
References
Related Ubuntu Security Notices (USN)
- USN-4311-1
- BlueZ vulnerabilities
- 30 March 2020