Vulnerability identifier: #VU75105

Vulnerability risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27349

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
BlueZ
Universal components / Libraries / Libraries used by multiple products

Vendor: BlueZ Project

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the handling of the AVRCP protocol. A remote attacker with physical proximity to device can send specially crafted Bluetooth packets to the affected system, trigger memory corruption and execute arbitrary code on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

BlueZ: 5.0 - 5.66

---

External links
http://www.zerodayinitiative.com/advisories/ZDI-23-386/
http://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f54299a850676d92c3dafd83e9174fcfe420ccc9

---

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.