A vulnerability in BlueZ might allow remote attackers to bypass security restrictions.
Package | net-wireless/bluez on all architectures |
---|---|
Affected versions | < 5.54 |
Unaffected versions | >= 5.54 |
Set of tools to manage Bluetooth devices for Linux.
It was discovered that the HID and HOGP profile implementations in BlueZ did not specifically require bonding between the device and the host.
A remote attacker with adjacent access could impersonate an existing HID device, cause a Denial of Service condition or escalate privileges.
There is no known workaround at this time.
All BlueZ users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.54"
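To confirm whether a host falls in the affected range above (< 5.54), the following added example, which is not part of the advisory, compares a BlueZ version string numerically. The function names are hypothetical, and it assumes `bluetoothctl --version` prints `bluetoothctl: <version>`.

```shell
#!/bin/sh
# Added example (not part of the advisory): is a BlueZ version < 5.54?
# Function names are hypothetical.

# bluez_is_affected VERSION
#   returns 0 if VERSION is in the affected range (< 5.54),
#           1 if it is unaffected (>= 5.54),
#           2 if the string cannot be parsed.
bluez_is_affected() {
    v=${1##*/}            # drop a category prefix such as "net-wireless/"
    v=${v##*: }           # drop a "bluetoothctl: " prefix
    v=${v#bluez-}         # drop the package name
    v=${v%%-r[0-9]*}      # drop a Gentoo revision suffix such as "-r1"
    case $v in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in ''|*[!0-9]*) return 2 ;; esac
    # Compare numerically: as strings, "5.9" would sort after "5.54".
    [ "$major" -lt 5 ] && return 0
    [ "$major" -gt 5 ] && return 1
    [ "$minor" -lt 54 ]
}

# Check the locally installed tools (assumes bluetoothctl is on PATH).
check_local_bluez() {
    command -v bluetoothctl >/dev/null 2>&1 || return 2
    bluez_is_affected "$(bluetoothctl --version 2>/dev/null)"
}

# Constructed sample inputs, not taken from any real host.
for s in "5.53" "5.9" "net-wireless/bluez-5.53-r1" "bluetoothctl: 5.54"; do
    rc=0; bluez_is_affected "$s" || rc=$?
    case $rc in
        0) echo "$s: affected, upgrade to >= 5.54" ;;
        1) echo "$s: unaffected" ;;
        *) echo "$s: unrecognised version string" ;;
    esac
done
```

Call `check_local_bluez` on a host to test the installed tools; an exit status of 0 means the upgrade above is still pending.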
Release date
March 25, 2020
Latest revision
March 25, 2020: 1
Severity
high
Exploitable
remote
Bugzilla entries