BlueZ Resource Management Error Vulnerability (CNVD-2021-92546)

BlueZ is a Bluetooth protocol stack written in C that is primarily used to provide support for the core Bluetooth layer and protocol. blueZ is vulnerable to a resource management error that stems from a vulnerability in the affected version of sdp’s cstate alloc buf, which allocates memory that always hangs in the cstate single-chain table and is not freed, leading to a memory leak over This can lead to memory leaks over time. An attacker could exploit the vulnerability by constantly sending sdp packets, which could eventually cause the target device’s service to crash.