Candidate: CVE-2019-8921
PublicDate: 2021-11-29 08:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8921
 https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
Description:
 An issue was discovered in bluetoothd in BlueZ through 5.48. The
 vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP
 implementation. By crafting a malicious CSTATE, it is possible to trick the
 server into returning more bytes than the buffer actually holds, resulting
 in leaking arbitrary heap data. The root cause can be found in the function
 service_attr_req of sdpd-request.c. The server does not check whether the
 CSTATE data is the same in consecutive requests, and instead simply trusts
 that it is the same.
Ubuntu-Description:
Notes:
 mdeslaur> This was fixed in bionic by CVE-2021-41229-pre1.patch
Mitigation:
Bugs:
Priority: medium
Discovered-by: Julian Rauchberger
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [6.5 MEDIUM]


Patches_bluez:
 upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7bf67b32709d828fafa26256b4c78331760c6e93 (5.51)
upstream_bluez: released (5.54-1)
esm-infra/xenial_bluez: needs-triage
trusty_bluez: ignored (out of standard support)
xenial_bluez: ignored (out of standard support)
bionic_bluez: released (5.48-0ubuntu3.6)
focal_bluez: not-affected (5.53-0ubuntu3)
hirsute_bluez: not-affected (5.56-0ubuntu4.3)
impish_bluez: not-affected
jammy_bluez: not-affected
devel_bluez: not-affected