CVE-2020-27153 : In BlueZ before 5.55, a double free was found in the gatttool disconnect

In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.

Published 2020-10-15 03:15:12

Updated 2022-04-05 15:59:37

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2020-27153

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.2
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Matching versions
Bluez » Bluez
Versions before (<) 5.55
cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-27153

EPSS FAQ

1.67%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-27153

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H	3.9	4.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: High

CWE ids for CVE-2020-27153

CWE-415 Double Free

The product calls free() twice on the same memory address.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-27153

https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html

[SECURITY] [DLA 2410-1] bluez security update
Mailing List;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html

[security-announce] openSUSE-SU-2020:1876-1: moderate: Security update f
Mailing List;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html

[security-announce] openSUSE-SU-2020:1880-1: moderate: Security update f
Mailing List;Third Party Advisory
https://security.gentoo.org/glsa/202011-01

BlueZ: Arbitrary code execution (GLSA 202011-01) — Gentoo security
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1884817

1884817 – bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS or RCE
Issue Tracking;Third Party Advisory
https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07

Release 5.55 · bluez/bluez@5a180f2 · GitHub
Patch;Third Party Advisory
https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a

shared/att: Fix possible crash on disconnect · bluez/bluez@1cd644d · GitHub
Patch;Third Party Advisory
https://www.debian.org/security/2021/dsa-4951

Debian -- Security Information -- DSA-4951-1 bluez
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-27153

Products affected by CVE-2020-27153

Exploit prediction scoring system (EPSS) score for CVE-2020-27153

CVSS scores for CVE-2020-27153

CWE ids for CVE-2020-27153

References for CVE-2020-27153