- Vulnerability/
- USN-6540-1
USN-6540-1: BlueZ vulnerability
First published: Thu Dec 07 2023(Updated: )
It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands whilst the device is discoverable.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/bluez | <5.68-0ubuntu1.1 | 5.68-0ubuntu1.1 |
| Ubuntu Ubuntu | =23.10 | |
| All of | ||
| ubuntu/libbluetooth3 | <5.68-0ubuntu1.1 | 5.68-0ubuntu1.1 |
| Ubuntu Ubuntu | =23.10 | |
| All of | ||
| ubuntu/bluez | <5.66-0ubuntu1.1 | 5.66-0ubuntu1.1 |
| Ubuntu Ubuntu | =23.04 | |
| All of | ||
| ubuntu/libbluetooth3 | <5.66-0ubuntu1.1 | 5.66-0ubuntu1.1 |
| Ubuntu Ubuntu | =23.04 | |
| All of | ||
| ubuntu/bluez | <5.64-0ubuntu1.1 | 5.64-0ubuntu1.1 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/libbluetooth3 | <5.64-0ubuntu1.1 | 5.64-0ubuntu1.1 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/bluez | <5.53-0ubuntu3.7 | 5.53-0ubuntu3.7 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/libbluetooth3 | <5.53-0ubuntu3.7 | 5.53-0ubuntu3.7 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/bluez | <5.48-0ubuntu3.9+esm1 | 5.48-0ubuntu3.9+esm1 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libbluetooth3 | <5.48-0ubuntu3.9+esm1 | 5.48-0ubuntu3.9+esm1 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/bluez | <5.37-0ubuntu5.3+esm3 | 5.37-0ubuntu5.3+esm3 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/libbluetooth3 | <5.37-0ubuntu5.3+esm3 | 5.37-0ubuntu5.3+esm3 |
| Ubuntu Ubuntu | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-45866
- https://launchpad.net/ubuntu/+source/bluez/5.68-0ubuntu1.1
- https://launchpad.net/ubuntu/+source/bluez/5.66-0ubuntu1.1
- https://launchpad.net/ubuntu/+source/bluez/5.64-0ubuntu1.1
- https://launchpad.net/ubuntu/+source/bluez/5.53-0ubuntu3.7
- https://ubuntu.com/security/notices/USN-6540-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this BlueZ vulnerability?
The vulnerability ID for this BlueZ vulnerability is USN-6540-1.
What is the impact of this vulnerability?
This vulnerability could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands.
Which software versions are affected by this vulnerability?
The affected software versions are BlueZ 5.68-0ubuntu1.1, BlueZ 5.66-0ubuntu1.1, BlueZ 5.64-0ubuntu1.1, BlueZ 5.53-0ubuntu3.7, BlueZ 5.48-0ubuntu3.9+esm1, and BlueZ 5.37-0ubuntu5.3+esm3.
How can I fix this BlueZ vulnerability?
To fix this vulnerability, update BlueZ to version 5.68-0ubuntu1.1 or later.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Ubuntu security website and the referenced Launchpad pages.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.10
- version/ubuntu ubuntu/23.04
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04