Описание
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 5.48-0ubuntu3.6 |
| devel | released | 5.62-0ubuntu2 |
| esm-infra/bionic | not-affected | 5.48-0ubuntu3.6 |
| esm-infra/focal | not-affected | 5.53-0ubuntu3.4 |
| esm-infra/xenial | needed | |
| focal | released | 5.53-0ubuntu3.4 |
| hirsute | released | 5.56-0ubuntu4.3 |
| impish | released | 5.60-0ubuntu2.1 |
| jammy | released | 5.62-0ubuntu2 |
| kinetic | released | 5.62-0ubuntu2 |
Показывать по
EPSS
3.3 Low
CVSS2
4.3 Medium
CVSS3
Связанные уязвимости
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a ...
EPSS
3.3 Low
CVSS2
4.3 Medium
CVSS3