Vulnerability Details CVE-2020-27153
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.3%
CVSS Severity
CVSS v3 Score 8.6
CVSS v2 Score 7.5
References
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1884817
- https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
- https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07
- https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html
- https://security.gentoo.org/glsa/202011-01
- https://www.debian.org/security/2021/dsa-4951
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1884817
- https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
- https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07
- https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html
- https://security.gentoo.org/glsa/202011-01
- https://www.debian.org/security/2021/dsa-4951
Products affected by CVE-2020-27153
-
cpe:2.3:a:bluez:bluez:-
-
cpe:2.3:a:bluez:bluez:4.0
-
cpe:2.3:a:bluez:bluez:4.1
-
cpe:2.3:a:bluez:bluez:4.10
-
cpe:2.3:a:bluez:bluez:4.100
-
cpe:2.3:a:bluez:bluez:4.101
-
cpe:2.3:a:bluez:bluez:4.11
-
cpe:2.3:a:bluez:bluez:4.12
-
cpe:2.3:a:bluez:bluez:4.13
-
cpe:2.3:a:bluez:bluez:4.14
-
cpe:2.3:a:bluez:bluez:4.15
-
cpe:2.3:a:bluez:bluez:4.16
-
cpe:2.3:a:bluez:bluez:4.17
-
cpe:2.3:a:bluez:bluez:4.18
-
cpe:2.3:a:bluez:bluez:4.19
-
cpe:2.3:a:bluez:bluez:4.2
-
cpe:2.3:a:bluez:bluez:4.20
-
cpe:2.3:a:bluez:bluez:4.21
-
cpe:2.3:a:bluez:bluez:4.22
-
cpe:2.3:a:bluez:bluez:4.23
-
cpe:2.3:a:bluez:bluez:4.24
-
cpe:2.3:a:bluez:bluez:4.25
-
cpe:2.3:a:bluez:bluez:4.26
-
cpe:2.3:a:bluez:bluez:4.27
-
cpe:2.3:a:bluez:bluez:4.28
-
cpe:2.3:a:bluez:bluez:4.29
-
cpe:2.3:a:bluez:bluez:4.3
-
cpe:2.3:a:bluez:bluez:4.30
-
cpe:2.3:a:bluez:bluez:4.31
-
cpe:2.3:a:bluez:bluez:4.32
-
cpe:2.3:a:bluez:bluez:4.33
-
cpe:2.3:a:bluez:bluez:4.34
-
cpe:2.3:a:bluez:bluez:4.35
-
cpe:2.3:a:bluez:bluez:4.36
-
cpe:2.3:a:bluez:bluez:4.37
-
cpe:2.3:a:bluez:bluez:4.38
-
cpe:2.3:a:bluez:bluez:4.39
-
cpe:2.3:a:bluez:bluez:4.4
-
cpe:2.3:a:bluez:bluez:4.40
-
cpe:2.3:a:bluez:bluez:4.41
-
cpe:2.3:a:bluez:bluez:4.42
-
cpe:2.3:a:bluez:bluez:4.43
-
cpe:2.3:a:bluez:bluez:4.44
-
cpe:2.3:a:bluez:bluez:4.45
-
cpe:2.3:a:bluez:bluez:4.46
-
cpe:2.3:a:bluez:bluez:4.47
-
cpe:2.3:a:bluez:bluez:4.48
-
cpe:2.3:a:bluez:bluez:4.49
-
cpe:2.3:a:bluez:bluez:4.5
-
cpe:2.3:a:bluez:bluez:4.50
-
cpe:2.3:a:bluez:bluez:4.51
-
cpe:2.3:a:bluez:bluez:4.52
-
cpe:2.3:a:bluez:bluez:4.53
-
cpe:2.3:a:bluez:bluez:4.54
-
cpe:2.3:a:bluez:bluez:4.55
-
cpe:2.3:a:bluez:bluez:4.56
-
cpe:2.3:a:bluez:bluez:4.57
-
cpe:2.3:a:bluez:bluez:4.58
-
cpe:2.3:a:bluez:bluez:4.59
-
cpe:2.3:a:bluez:bluez:4.6
-
cpe:2.3:a:bluez:bluez:4.60
-
cpe:2.3:a:bluez:bluez:4.61
-
cpe:2.3:a:bluez:bluez:4.62
-
cpe:2.3:a:bluez:bluez:4.63
-
cpe:2.3:a:bluez:bluez:4.64
-
cpe:2.3:a:bluez:bluez:4.65
-
cpe:2.3:a:bluez:bluez:4.66
-
cpe:2.3:a:bluez:bluez:4.67
-
cpe:2.3:a:bluez:bluez:4.68
-
cpe:2.3:a:bluez:bluez:4.69
-
cpe:2.3:a:bluez:bluez:4.7
-
cpe:2.3:a:bluez:bluez:4.70
-
cpe:2.3:a:bluez:bluez:4.71
-
cpe:2.3:a:bluez:bluez:4.72
-
cpe:2.3:a:bluez:bluez:4.73
-
cpe:2.3:a:bluez:bluez:4.74
-
cpe:2.3:a:bluez:bluez:4.75
-
cpe:2.3:a:bluez:bluez:4.76
-
cpe:2.3:a:bluez:bluez:4.77
-
cpe:2.3:a:bluez:bluez:4.78
-
cpe:2.3:a:bluez:bluez:4.79
-
cpe:2.3:a:bluez:bluez:4.8
-
cpe:2.3:a:bluez:bluez:4.80
-
cpe:2.3:a:bluez:bluez:4.81
-
cpe:2.3:a:bluez:bluez:4.82
-
cpe:2.3:a:bluez:bluez:4.83
-
cpe:2.3:a:bluez:bluez:4.84
-
cpe:2.3:a:bluez:bluez:4.85
-
cpe:2.3:a:bluez:bluez:4.86
-
cpe:2.3:a:bluez:bluez:4.87
-
cpe:2.3:a:bluez:bluez:4.88
-
cpe:2.3:a:bluez:bluez:4.89
-
cpe:2.3:a:bluez:bluez:4.9
-
cpe:2.3:a:bluez:bluez:4.90
-
cpe:2.3:a:bluez:bluez:4.91
-
cpe:2.3:a:bluez:bluez:4.92
-
cpe:2.3:a:bluez:bluez:4.93
-
cpe:2.3:a:bluez:bluez:4.94
-
cpe:2.3:a:bluez:bluez:4.95
-
cpe:2.3:a:bluez:bluez:4.96
-
cpe:2.3:a:bluez:bluez:4.97
-
cpe:2.3:a:bluez:bluez:4.98
-
cpe:2.3:a:bluez:bluez:4.99
-
cpe:2.3:a:bluez:bluez:5.0
-
cpe:2.3:a:bluez:bluez:5.1
-
cpe:2.3:a:bluez:bluez:5.10
-
cpe:2.3:a:bluez:bluez:5.11
-
cpe:2.3:a:bluez:bluez:5.12
-
cpe:2.3:a:bluez:bluez:5.13
-
cpe:2.3:a:bluez:bluez:5.14
-
cpe:2.3:a:bluez:bluez:5.15
-
cpe:2.3:a:bluez:bluez:5.16
-
cpe:2.3:a:bluez:bluez:5.17
-
cpe:2.3:a:bluez:bluez:5.18
-
cpe:2.3:a:bluez:bluez:5.19
-
cpe:2.3:a:bluez:bluez:5.2
-
cpe:2.3:a:bluez:bluez:5.20
-
cpe:2.3:a:bluez:bluez:5.21
-
cpe:2.3:a:bluez:bluez:5.22
-
cpe:2.3:a:bluez:bluez:5.23
-
cpe:2.3:a:bluez:bluez:5.24
-
cpe:2.3:a:bluez:bluez:5.25
-
cpe:2.3:a:bluez:bluez:5.26
-
cpe:2.3:a:bluez:bluez:5.27
-
cpe:2.3:a:bluez:bluez:5.28
-
cpe:2.3:a:bluez:bluez:5.29
-
cpe:2.3:a:bluez:bluez:5.3
-
cpe:2.3:a:bluez:bluez:5.30
-
cpe:2.3:a:bluez:bluez:5.31
-
cpe:2.3:a:bluez:bluez:5.32
-
cpe:2.3:a:bluez:bluez:5.33
-
cpe:2.3:a:bluez:bluez:5.34
-
cpe:2.3:a:bluez:bluez:5.35
-
cpe:2.3:a:bluez:bluez:5.36
-
cpe:2.3:a:bluez:bluez:5.37
-
cpe:2.3:a:bluez:bluez:5.38
-
cpe:2.3:a:bluez:bluez:5.39
-
cpe:2.3:a:bluez:bluez:5.4
-
cpe:2.3:a:bluez:bluez:5.40
-
cpe:2.3:a:bluez:bluez:5.41
-
cpe:2.3:a:bluez:bluez:5.42
-
cpe:2.3:a:bluez:bluez:5.43
-
cpe:2.3:a:bluez:bluez:5.44
-
cpe:2.3:a:bluez:bluez:5.45
-
cpe:2.3:a:bluez:bluez:5.46
-
cpe:2.3:a:bluez:bluez:5.47
-
cpe:2.3:a:bluez:bluez:5.48
-
cpe:2.3:a:bluez:bluez:5.49
-
cpe:2.3:a:bluez:bluez:5.5
-
cpe:2.3:a:bluez:bluez:5.50
-
cpe:2.3:a:bluez:bluez:5.51
-
cpe:2.3:a:bluez:bluez:5.52
-
cpe:2.3:a:bluez:bluez:5.53
-
cpe:2.3:a:bluez:bluez:5.54
-
cpe:2.3:a:bluez:bluez:5.6
-
cpe:2.3:a:bluez:bluez:5.7
-
cpe:2.3:a:bluez:bluez:5.8
-
cpe:2.3:a:bluez:bluez:5.9
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:opensuse:leap:15.2