SB2025042201 - Red Hat Enterprise Linux 8 update for bluez
Published: April 22, 2025
Security Bulletin ID
SB2025042201
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2023-27349)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the handling of the AVRCP protocol. A remote attacker with physical proximity to device can send specially crafted Bluetooth packets to the affected system, trigger memory corruption and execute arbitrary code on the system.
2) Out-of-bounds read (CVE-ID: CVE-2023-51589)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling AVRCP protocol within the parse_media_element() function. A remote attacker can trick the victim into connecting to a malicious device, trigger an out-of-bounds read and gain access to sensitive information.Remediation
Install update from vendor's website.