high
7.1
Advisory Published
CVE Published
Updated

CVE-2020-0556

First published: Thu Mar 12 2020(Updated: )

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access

Credit: secure@intel.com secure@intel.com

Affected SoftwareAffected VersionHow to fix
debian/bluez<=5.50-1<=5.52-1
5.54-1
5.43-2+deb9u2
5.50-1.2~deb10u1
5.50-1.1
BlueZ BlueZ<5.54
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
openSUSE Leap=15.1
openSUSE Leap=15.2
ubuntu/bluez<5.48-0ubuntu3.4
5.48-0ubuntu3.4
ubuntu/bluez<5.50-0ubuntu5.1
5.50-0ubuntu5.1
ubuntu/bluez<5.54
5.54
ubuntu/bluez<5.37-0ubuntu5.3
5.37-0ubuntu5.3
debian/bluez
5.55-3.1+deb11u1
5.66-1+deb12u2
5.66-1+deb12u1
5.73-1.1

Remedy

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html

Remedy

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1

Remedy

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787

Remedy

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=35d8d895cd0b724e58129374beb0bb4a2edf9519

Remedy

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f2778f5877d20696d68a452b26e4accb91bfb19e

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2020-0556?

    CVE-2020-0556 is a vulnerability in BlueZ before version 5.54 that allows an unauthenticated user to potentially enable privilege escalation and denial of service via adjacent access.

  • How severe is CVE-2020-0556?

    CVE-2020-0556 has a severity score of 7.1 (high).

  • Which software versions are affected by CVE-2020-0556?

    BlueZ versions before 5.54 are affected by CVE-2020-0556.

  • How can I fix CVE-2020-0556?

    To fix CVE-2020-0556, update your BlueZ software to version 5.54 or later.

  • Are there any additional resources about CVE-2020-0556?

    Yes, you can refer to the following resources for more information: [Intel Security Advisory](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html), [Gentoo Security Advisory](https://security.gentoo.org/glsa/202003-49), [Debian Security Advisory](https://www.debian.org/security/2020/dsa-4647).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203