CVE-2023-27349
Source: ubuntu.com (Ubuntu CVE tracker)
Published: 2024-05-03 00:00:00
Tags: bluez, audio profile, avrcp, remote code execution, vulnerability, bluetooth, user interaction, malicious device, avrcp protocol, data validation, allocated buffer, root context, zdi-can-19908, unix

CVSS3: 7.1 High
  Attack Vector: ADJACENT
  Attack Complexity: HIGH
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 6.7 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 20.8%)

BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code
Execution Vulnerability. This vulnerability allows network-adjacent
attackers to execute arbitrary code via Bluetooth on affected installations
of BlueZ. User interaction is required to exploit this vulnerability in
that the target must connect to a malicious device. The specific flaw
exists within the handling of the AVRCP protocol. The issue results from
the lack of proper validation of user-supplied data, which can result in a
write past the end of an allocated buffer. An attacker can leverage this
vulnerability to execute code in the context of root. Was ZDI-CAN-19908.

Affected packages (fixed in the listed version or later):

OS      | Version | Architecture | Package | Fixed Version             | Filename
ubuntu  | 18.04   | noarch       | bluez   | < 5.48-0ubuntu3.9+esm2    | UNKNOWN
ubuntu  | 20.04   | noarch       | bluez   | < 5.53-0ubuntu3.8         | UNKNOWN
ubuntu  | 22.04   | noarch       | bluez   | < 5.64-0ubuntu1.3         | UNKNOWN
ubuntu  | 16.04   | noarch       | bluez   | < 5.37-0ubuntu5.3+esm4    | UNKNOWN
