Ubuntu.comUB:CVE-2021-0129CVE-2021-0129
5.7 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.7 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:S/C:P/I:N/A:N
0.0005 Low
EPSS
Percentile
16.2%
Improper access control in BlueZ may allow an authenticated user to
potentially enable information disclosure via adjacent access.
Notes
| Author | Note |
|---|---|
| alexmurray | INTEL-SA-00517 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | bluez | <Β 5.48-0ubuntu3.5 | UNKNOWN |
| ubuntu | 20.04 | noarch | bluez | <Β 5.53-0ubuntu3.2 | UNKNOWN |
| ubuntu | 20.10 | noarch | bluez | <Β 5.55-0ubuntu1.2 | UNKNOWN |
| ubuntu | 21.04 | noarch | bluez | <Β 5.56-0ubuntu4.1 | UNKNOWN |
| ubuntu | 16.04 | noarch | bluez | <Β 5.37-0ubuntu5.3+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
| ubuntu | 18.04 | noarch | linux | <Β 4.15.0-151.157 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux | <Β 5.4.0-80.90 | UNKNOWN |
| ubuntu | 21.04 | noarch | linux | <Β 5.11.0-31.33 | UNKNOWN |
| ubuntu | 16.04 | noarch | linux | <Β 4.4.0-219.252) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-aws | <Β 4.15.0-1109.116 | UNKNOWN |
References
git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d19628f539fccf899298ff02ee4c73e4bf6df3f
launchpad.net/bugs/cve/CVE-2021-0129
nvd.nist.gov/vuln/detail/CVE-2021-0129
security-tracker.debian.org/tracker/CVE-2021-0129
ubuntu.com/security/notices/USN-5017-1
ubuntu.com/security/notices/USN-5018-1
ubuntu.com/security/notices/USN-5046-1
ubuntu.com/security/notices/USN-5050-1
ubuntu.com/security/notices/USN-5299-1
ubuntu.com/security/notices/USN-5343-1
www.cve.org/CVERecord?id=CVE-2021-0129
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
Related
5.7 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.7 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:S/C:P/I:N/A:N
0.0005 Low
EPSS
Percentile
16.2%