CVE-2021-0129
First published: Wed May 26 2021(Updated: )
A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/bluez | <=5.55-3<=5.50-1.2<=5.50-1.2~deb10u1 | 5.58-1~exp0 5.55-3.1 5.50-1.2~deb10u2 |
| redhat/kernel-rt | <0:4.18.0-348.rt7.130.el8 | 0:4.18.0-348.rt7.130.el8 |
| redhat/kernel | <0:4.18.0-348.el8 | 0:4.18.0-348.el8 |
| redhat/kernel | <5.13 | 5.13 |
| All of | ||
| SUSE BlueZ | <5.57 | |
| Any of | ||
| Linux Kernel | >=2.6.12<4.4.270 | |
| Linux Kernel | >=4.9<4.9.270 | |
| Linux Kernel | >=4.14<4.14.234 | |
| Linux Kernel | >=4.19<4.19.192 | |
| Linux Kernel | >=5.4<5.4.122 | |
| Linux Kernel | >=5.10<5.10.40 | |
| Linux Kernel | >=5.12<5.12.7 | |
| Linux Kernel | =5.13-rc1 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Debian | =9.0 | |
| SUSE BlueZ | <5.57 | |
| Linux Kernel | >=2.6.12<4.4.270 | |
| Linux Kernel | >=4.9<4.9.270 | |
| Linux Kernel | >=4.14<4.14.234 | |
| Linux Kernel | >=4.19<4.19.192 | |
| Linux Kernel | >=5.4<5.4.122 | |
| Linux Kernel | >=5.10<5.10.40 | |
| Linux Kernel | >=5.12<5.12.7 | |
| Linux Kernel | =5.13-rc1 | |
| debian/bluez | 5.55-3.1+deb11u1 5.55-3.1+deb11u2 5.66-1+deb12u2 5.66-1+deb12u1 5.79-1 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2021-0129
- https://security-tracker.debian.org/tracker/CVE-2020-26558
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
- https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738
- https://security-tracker.debian.org/tracker/CVE-2021-3588
- https://security-tracker.debian.org/tracker/CVE-2020-27153
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989614
- https://www.cve.org/CVERecord?id=CVE-2021-0129 https://nvd.nist.gov/vuln/detail/CVE-2021-0129
- https://bugzilla.redhat.com/show_bug.cgi?id=1965038
- https://access.redhat.com/errata/RHSA-2021:4140
- https://access.redhat.com/errata/RHSA-2021:4356
- https://access.redhat.com/security/cve/cve-2021-0129
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html
- https://security.gentoo.org/glsa/202209-16
- https://security.netapp.com/advisory/ntap-20210716-0002/
- https://www.debian.org/security/2021/dsa-4951
- https://launchpad.net/bugs/cve/CVE-2021-0129
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1972112
- https://git.kernel.org/linus/6d19628f539fccf899298ff02ee4c73e4bf6df3f
- https://nvd.nist.gov/vuln/detail/CVE-2021-0129
- https://ubuntu.com/security/CVE-2021-0129
Frequently Asked Questions
What is the severity of CVE-2021-0129?
The severity of CVE-2021-0129 is high, as it can potentially allow information disclosure and threat to data confidentiality and integrity.
How do I fix CVE-2021-0129?
To fix CVE-2021-0129, update BlueZ to version 5.58 or later, or apply the necessary kernel patches if you are using a vulnerable version.
Which versions of BlueZ are affected by CVE-2021-0129?
BlueZ versions up to 5.57 are affected by CVE-2021-0129.
What platforms are vulnerable to CVE-2021-0129?
CVE-2021-0129 affects Debian and Red Hat-based distributions running vulnerable versions of BlueZ and the Linux kernel.
Can CVE-2021-0129 be exploited remotely?
CVE-2021-0129 requires an authenticated user with adjacent access to exploit the vulnerability.
- collector/debian-bugs
- alias/CVE-2021-0129
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- agent/event
- collector/security-tracker-debian
- source/Debian
- package-manager/debian
- package-manager/redhat
- vendor/bluez
- canonical/suse bluez
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.12
- version/linux kernel/4.9
- version/linux kernel/4.14
- version/linux kernel/4.19
- version/linux kernel/5.4
- version/linux kernel/5.10
- version/linux kernel/5.12
- version/linux kernel/5.13-rc1
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0
- vendor/debian
- canonical/debian
- version/debian/9.0