CVE-2022-0204: A heap overflow vulnerability was found in BlueZ in versions prior to 5.63
An attacker could take advantage of this vulnerability to cause an application to crash or gain access to sensitive information. Furthermore, this vulnerability could be exploited remotely to cause a denial of service against the targeted application.
BlueZ is a Linux kernel component that enables Bluetooth devices. It allows a user to connect to a Bluetooth device, monitor its status, and pair a device with the user’s system.
It is possible to exploit this vulnerability by sending a specially crafted file to the targeted system. An attacker could send the targeted system any file that the user could accept through the BlueZ remote access service.
An attacker could exploit this vulnerability to cause a remote denial of service against the targeted system.
The vendor has released a new version 5.63 of BlueZ to address this vulnerability. Devices that are running this version or an older version should update to the latest version to address this vulnerability. End users can check their system’s version by using the uname -a command in a terminal window.
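A check against the fixed release 5.63 named above, as an added example that is not part of the original advisory or of the BlueZ project's code. The function names are hypothetical, the sample strings are constructed, and it assumes bluetoothctl is installed and that its --version output carries the BlueZ release number.

```shell
#!/bin/sh
# Added example (not BlueZ project code): classify a BlueZ version string
# against the fixed release named in the advisory.
FIXED_VERSION="5.63"   # from the advisory: versions prior to 5.63 are affected

# Extract the first MAJOR.MINOR number from version output,
# e.g. "bluetoothctl: 5.62" -> "5.62". Prints nothing if none is found.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p' | head -n 1
}

# Succeed if version $1 is older than version $2. Fields are compared as
# numbers, so 5.9 sorts before 5.63 (a string compare would get this wrong).
version_lt() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -lt "$b_major" ] && return 0
    [ "$a_major" -gt "$b_major" ] && return 1
    [ "$a_minor" -lt "$b_minor" ]
}

# Print "affected", "fixed" or "unknown" for a raw version string.
classify_bluez() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then echo "unknown"; return 0; fi
    if version_lt "$ver" "$FIXED_VERSION"; then echo "affected"; else echo "fixed"; fi
}

# Classify the locally installed release. Assumption: bluetoothctl is
# installed and its --version output carries the BlueZ release number.
check_local_bluez() {
    if command -v bluetoothctl >/dev/null 2>&1; then
        classify_bluez "$(bluetoothctl --version 2>/dev/null)"
    else
        echo "unknown"
    fi
}

# Constructed sample strings, followed by the local check.
for sample in "bluetoothctl: 5.62" "bluetoothctl: 5.63" "5.9" "no version"; do
    printf '%-20s %s\n' "$sample" "$(classify_bluez "$sample")"
done
printf '%-20s %s\n' "local system" "$(check_local_bluez)"
```

A distribution may backport the fix without changing the upstream version number, so an "affected" result means only that the reported number is below 5.63 and should be confirmed against the distribution's own advisory.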
Vulnerability Details
CVE-2022-0204 is a vulnerability in the BlueZ Linux kernel component that could be exploited by an attacker to cause a denial of service against the targeted system. Given that this vulnerability can also be exploited remotely, it is important for end users and administrators to update to the latest version of BlueZ, which resolves this issue. End users can check their system’s version by using the uname -a command in a terminal window.
Timeline
Published on: 03/10/2022 17:44:00 UTC
Last modified on: 04/26/2022 17:01:00 UTC