SUSE update for bluez



Published: 2023-01-30
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-3563
CWE-ID CWE-476
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
SUSE Manager Retail Branch Server
Operating systems & Components / Operating system

SUSE Linux Enterprise Workstation Extension
Operating systems & Components / Operating system

SUSE Manager Server
Operating systems & Components / Operating system

SUSE Manager Proxy
Operating systems & Components / Operating system

SUSE Linux Enterprise Module for Desktop Applications
Operating systems & Components / Operating system

SUSE Linux Enterprise Module for Basesystem
Operating systems & Components / Operating system

SUSE Linux Enterprise Desktop
Operating systems & Components / Operating system

SUSE Linux Enterprise Server
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing
Operating systems & Components / Operating system

bluez-auto-enable-devices
Operating systems & Components / Operating system package or component

libbluetooth3-32bit-debuginfo
Operating systems & Components / Operating system package or component

libbluetooth3-32bit
Operating systems & Components / Operating system package or component

bluez-devel-32bit
Operating systems & Components / Operating system package or component

libbluetooth3-debuginfo
Operating systems & Components / Operating system package or component

libbluetooth3
Operating systems & Components / Operating system package or component

bluez-test-debuginfo
Operating systems & Components / Operating system package or component

bluez-test
Operating systems & Components / Operating system package or component

bluez-devel
Operating systems & Components / Operating system package or component

bluez-deprecated-debuginfo
Operating systems & Components / Operating system package or component

bluez-deprecated
Operating systems & Components / Operating system package or component

bluez-debugsource
Operating systems & Components / Operating system package or component

bluez-debuginfo
Operating systems & Components / Operating system package or component

bluez-cups-debuginfo
Operating systems & Components / Operating system package or component

bluez-cups
Operating systems & Components / Operating system package or component

bluez
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU71644

Risk: Low

CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3563

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the read_50_controller_cap_complete() function in tools/mgmt-tester.c of the component BlueZ. An attacker with physical proximity to device can send specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package bluez to the latest version.

Vulnerable software versions

SUSE Manager Retail Branch Server: 4.3

SUSE Linux Enterprise Workstation Extension: 15-SP4

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

SUSE Linux Enterprise Module for Desktop Applications: 15-SP4

SUSE Linux Enterprise Module for Basesystem: 15-SP4

SUSE Linux Enterprise Desktop: 15-SP4

SUSE Linux Enterprise Server: 15-SP4

openSUSE Leap: 15.4

SUSE Linux Enterprise Server for SAP Applications: 15-SP4

SUSE Linux Enterprise High Performance Computing: 15-SP4

bluez-auto-enable-devices: before 5.62-150400.4.8.1

libbluetooth3-32bit-debuginfo: before 5.62-150400.4.8.1

libbluetooth3-32bit: before 5.62-150400.4.8.1

bluez-devel-32bit: before 5.62-150400.4.8.1

libbluetooth3-debuginfo: before 5.62-150400.4.8.1

libbluetooth3: before 5.62-150400.4.8.1

bluez-test-debuginfo: before 5.62-150400.4.8.1

bluez-test: before 5.62-150400.4.8.1

bluez-devel: before 5.62-150400.4.8.1

bluez-deprecated-debuginfo: before 5.62-150400.4.8.1

bluez-deprecated: before 5.62-150400.4.8.1

bluez-debugsource: before 5.62-150400.4.8.1

bluez-debuginfo: before 5.62-150400.4.8.1

bluez-cups-debuginfo: before 5.62-150400.4.8.1

bluez-cups: before 5.62-150400.4.8.1

bluez: before 5.62-150400.4.8.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20230167-1/


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###