Search CVE reports

31 – 40 of 53 results

Detailed view

Sort by:

CVE-2020-26558

Medium priority

Some fixes available 63 of 72

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure)...

135 affected packages

bluez, linux, linux-allwinner, linux-allwinner-5.19, linux-aws...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bluez	Not affected	Not affected	Fixed	Fixed	Fixed
linux	Not affected	Not affected	Fixed	Fixed	Fixed
linux-allwinner	Not in release	Not in release	Not in release	Not in release	Not in release
linux-allwinner-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-aws	Not affected	Not affected	Fixed	Fixed	Fixed
linux-aws-5.0	Not in release	Not in release	Not in release	Ignored	Not in release
linux-aws-5.11	Not in release	Not in release	Fixed	Not in release	Not in release
linux-aws-5.13	Not in release	Not in release	Not affected	Not in release	Not in release
linux-aws-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-aws-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-aws-5.3	Not in release	Not in release	Not in release	Ignored	Not in release
linux-aws-5.4	Not in release	Not in release	Not in release	Fixed	Not in release
linux-aws-5.8	Not in release	Not in release	Fixed	Not in release	Not in release
linux-aws-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-aws-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-aws-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-aws-fips	Not in release	Not in release	Not in release	Not in release	Not in release
linux-aws-hwe	Not in release	Not in release	Not in release	Not in release	Fixed
linux-azure	Not affected	Not affected	Fixed	Ignored	Fixed
linux-azure-4.15	Not in release	Not in release	Not in release	Fixed	Not in release
linux-azure-5.11	Not in release	Not in release	Fixed	Not in release	Not in release
linux-azure-5.13	Not in release	Not in release	Not affected	Not in release	Not in release
linux-azure-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-azure-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-azure-5.3	Not in release	Not in release	Not in release	Ignored	Not in release
linux-azure-5.4	Not in release	Not in release	Not in release	Fixed	Not in release
linux-azure-5.8	Not in release	Not in release	Fixed	Not in release	Not in release
linux-azure-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-azure-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-azure-edge	Not in release	Not in release	Not in release	Ignored	Not in release
linux-azure-fde	Not in release	Not affected	Fixed	Not in release	Not in release
linux-azure-fde-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-azure-fde-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-azure-fde-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-azure-fips	Not in release	Not in release	Not in release	Not in release	Not in release
linux-bluefield	Not in release	Not in release	Fixed	Not in release	Not in release
linux-dell300x	Not in release	Not in release	Not in release	Fixed	Not in release
linux-fips	Not in release	Not in release	Not in release	Not in release	Not in release
linux-gcp	Not affected	Not affected	Fixed	Ignored	Fixed
linux-gcp-4.15	Not in release	Not in release	Not in release	Fixed	Not in release
linux-gcp-5.11	Not in release	Not in release	Fixed	Not in release	Not in release
linux-gcp-5.13	Not in release	Not in release	Not affected	Not in release	Not in release
linux-gcp-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-gcp-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-gcp-5.3	Not in release	Not in release	Not in release	Ignored	Not in release
linux-gcp-5.4	Not in release	Not in release	Not in release	Fixed	Not in release
linux-gcp-5.8	Not in release	Not in release	Fixed	Not in release	Not in release
linux-gcp-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-gcp-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-gcp-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-gcp-edge	Not in release	Not in release	Not in release	Ignored	Not in release
linux-gcp-fips	Not in release	Not in release	Not in release	Not in release	Not in release
linux-gke	Not affected	Not affected	Fixed	Not in release	Ignored
linux-gke-4.15	Not in release	Not in release	Not in release	Ignored	Not in release
linux-gke-5.0	Not in release	Not in release	Not in release	Ignored	Not in release
linux-gke-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-gke-5.3	Not in release	Not in release	Not in release	Ignored	Not in release
linux-gke-5.4	Not in release	Not in release	Not in release	Fixed	Not in release
linux-gkeop	Not in release	Not affected	Fixed	Not in release	Not in release
linux-gkeop-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-gkeop-5.4	Not in release	Not in release	Not in release	Fixed	Not in release
linux-hwe	Not in release	Not in release	Not in release	Ignored	Fixed
linux-hwe-5.11	Not in release	Not in release	Fixed	Not in release	Not in release
linux-hwe-5.13	Not in release	Not in release	Not affected	Not in release	Not in release
linux-hwe-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-hwe-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-hwe-5.4	Not in release	Not in release	Not in release	Fixed	Not in release
linux-hwe-5.8	Not in release	Not in release	Ignored	Not in release	Not in release
linux-hwe-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-hwe-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-hwe-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-hwe-edge	Not in release	Not in release	Not in release	Ignored	Ignored
linux-ibm	Not affected	Not affected	Not affected	Not in release	Not in release
linux-ibm-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-ibm-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-intel	Not affected	Not in release	Not in release	Not in release	Not in release
linux-intel-5.13	Not in release	Not in release	Not affected	Not in release	Not in release
linux-intel-iot-realtime	Not in release	Not in release	Not in release	Not in release	Not in release
linux-intel-iotg	Not in release	Not affected	Not in release	Not in release	Not in release
linux-intel-iotg-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-iot	Not in release	Not in release	Not affected	Not in release	Not in release
linux-kvm	Not in release	Not affected	Fixed	Fixed	Fixed
linux-laptop	Not in release	Not in release	Not in release	Not in release	Not in release
linux-lowlatency	Not affected	Not affected	Not in release	Not in release	Not in release
linux-lowlatency-hwe-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-lowlatency-hwe-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-lowlatency-hwe-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-lowlatency-hwe-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-lowlatency-hwe-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-lts-xenial	Not in release	Not in release	Not in release	Not in release	Not in release
linux-nvidia	Not affected	Not affected	Not in release	Not in release	Not in release
linux-nvidia-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-nvidia-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-nvidia-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-nvidia-lowlatency	Not affected	Not in release	Not in release	Not in release	Not in release
linux-oem	Not in release	Not in release	Not in release	Ignored	Ignored
linux-oem-5.10	Not in release	Not in release	Fixed	Not in release	Not in release
linux-oem-5.13	Not in release	Not in release	Not affected	Not in release	Not in release
linux-oem-5.14	Not in release	Not in release	Not affected	Not in release	Not in release
linux-oem-5.17	Not in release	Not affected	Not in release	Not in release	Not in release
linux-oem-5.6	Not in release	Not in release	Ignored	Not in release	Not in release
linux-oem-6.0	Not in release	Not affected	Not in release	Not in release	Not in release
linux-oem-6.1	Not in release	Not affected	Not in release	Not in release	Not in release
linux-oem-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-oem-6.8	Not affected	Not in release	Not in release	Not in release	Not in release
linux-oem-osp1	Not in release	Not in release	Not in release	Ignored	Not in release
linux-oracle	Not affected	Not affected	Fixed	Fixed	Fixed
linux-oracle-5.0	Not in release	Not in release	Not in release	Ignored	Not in release
linux-oracle-5.11	Not in release	Not in release	Fixed	Not in release	Not in release
linux-oracle-5.13	Not in release	Not in release	Not affected	Not in release	Not in release
linux-oracle-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-oracle-5.3	Not in release	Not in release	Not in release	Ignored	Not in release
linux-oracle-5.4	Not in release	Not in release	Not in release	Fixed	Not in release
linux-oracle-5.8	Not in release	Not in release	Fixed	Not in release	Not in release
linux-oracle-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-oracle-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-raspi	Not affected	Not affected	Fixed	Not in release	Not in release
linux-raspi-5.4	Not in release	Not in release	Not in release	Fixed	Not in release
linux-raspi-realtime	Not in release	Not in release	Not in release	Not in release	Not in release
linux-raspi2	Not in release	Not in release	Ignored	Fixed	Ignored
linux-raspi2-5.3	Not in release	Not in release	Not in release	Ignored	Not in release
linux-realtime	Not in release	Ignored	Not in release	Not in release	Not in release
linux-riscv	Not affected	Not affected	Ignored	Not in release	Not in release
linux-riscv-5.11	Not in release	Not in release	Fixed	Not in release	Not in release
linux-riscv-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-riscv-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-riscv-5.8	Not in release	Not in release	Ignored	Not in release	Not in release
linux-riscv-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-riscv-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-snapdragon	Not in release	Not in release	Not in release	Fixed	Ignored
linux-starfive	Not in release	Not in release	Not in release	Not in release	Not in release
linux-starfive-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-starfive-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-starfive-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-xilinx-zynqmp	Not in release	Not affected	Not affected	Not in release	Not in release

CVE-2020-27153

Low priority

Fixed

In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant...

1 affected packages

bluez

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bluez	—	Fixed	Fixed	Fixed	Fixed

CVE-2020-10134

Medium priority

Vulnerable

Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer...

1 affected packages

bluez

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bluez	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable

CVE-2020-9770

Low priority

Vulnerable

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic.

1 affected packages

bluez

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bluez	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable

CVE-2020-0556

Medium priority

Fixed

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access

1 affected packages

bluez

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bluez	—	—	—	Fixed	Fixed

CVE-2018-10910

Low priority

Some fixes available 1 of 6

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any...

2 affected packages

bluez, gnome-bluetooth

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bluez	—	—	—	Ignored	Ignored
gnome-bluetooth	—	—	—	Fixed	Not affected

CVE-2017-13220

Medium priority

Some fixes available 2 of 5

An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.

24 affected packages

bluez, linux, linux-aws, linux-azure, linux-euclid...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bluez	—	—	—	Not affected	Not affected
linux	—	—	—	Not affected	Not affected
linux-aws	—	—	—	Not affected	Not affected
linux-azure	—	—	—	Not affected	Not affected
linux-euclid	—	—	—	Not in release	Not affected
linux-flo	—	—	—	Not in release	Ignored
linux-gcp	—	—	—	Not affected	Not affected
linux-gke	—	—	—	Not in release	Ignored
linux-goldfish	—	—	—	Not in release	Ignored
linux-grouper	—	—	—	Not in release	Not in release
linux-hwe	—	—	—	Not affected	Not affected
linux-hwe-edge	—	—	—	Fixed	Not affected
linux-kvm	—	—	—	Not affected	Not affected
linux-lts-trusty	—	—	—	Not in release	Not in release
linux-lts-utopic	—	—	—	Not in release	Not in release
linux-lts-vivid	—	—	—	Not in release	Not in release
linux-lts-wily	—	—	—	Not in release	Not in release
linux-lts-xenial	—	—	—	Not in release	Not in release
linux-maguro	—	—	—	Not in release	Not in release
linux-mako	—	—	—	Not in release	Ignored
linux-manta	—	—	—	Not in release	Not in release
linux-oem	—	—	—	Not affected	Not affected
linux-raspi2	—	—	—	Not affected	Not affected
linux-snapdragon	—	—	—	Not affected	Not affected

CVE-2017-1000250

High priority

Fixed

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory....

1 affected packages

bluez

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bluez	—	—	—	—	Fixed

CVE-2016-7837

Low priority

Some fixes available 2 of 4

Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.

1 affected packages

bluez

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bluez	—	—	—	Not affected	Fixed

CVE-2016-9918

Negligible priority

Vulnerable

In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.

1 affected packages

bluez

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bluez	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable

Export to JSON

Results by page: