A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.

An update of the bluez package has been released.

The version of bluez installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3563 advisory.

  - A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function     read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation     of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this     issue. VDB-211086 is the identifier assigned to this vulnerability. (CVE-2022-3563)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6809-1 advisory.

    It was discovered that BlueZ could be made to dereference invalid memory. An attacker could possibly use     this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-3563)

    It was discovered that BlueZ could be made to write out of bounds. If a user were tricked into connecting     to a malicious device, an attacker could possibly use this issue to cause a denial of service or execute     arbitrary code. (CVE-2023-27349)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - kernel: Authvalue leak in Bluetooth Mesh Provisioning (CVE-2020-26559)

  - bluez: BlueZ allows physically proximate attackers to cause a denial of service because malformed and     invalid capabilities can be processed in profiles/audio/avdtp.c (CVE-2022-39177)

  - Pairing in Bluetooth Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials     with two pairing devices via adjacent access when the unauthenticated user initiates different pairing     methods in each peer device and an end-user erroneously completes both pairing procedures with the MITM     using the confirmation number of one peer as the passkey of the other. An adjacent, unauthenticated     attacker could be able to initiate any Bluetooth operation on either attacked device exposed by the     enabled Bluetooth profiles. This exposure may be limited when the user must authorize certain access     explicitly, but so long as a user assumes that it is the intended remote device requesting permissions,     device-local protections may be weakened. (CVE-2020-10134)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - kernel: impersonation attack in Bluetooth Mesh Provisioning (CVE-2020-26560)

  - bluez: BlueZ allows physically proximate attackers to cause a denial of service because malformed and     invalid capabilities can be processed in profiles/audio/avdtp.c (CVE-2022-39177)

  - A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function     read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation     of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this     issue. VDB-211086 is the identifier assigned to this vulnerability. (CVE-2022-3563)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

This plugin has been deprecated as it does not adhere to established standards for this style of check.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-262 advisory.

  - A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function     read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation     of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this     issue. VDB-211086 is the identifier assigned to this vulnerability. (CVE-2022-3563)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0167-1 advisory.

  - A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function     read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation     of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this     issue. VDB-211086 is the identifier assigned to this vulnerability. (CVE-2022-3563)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
204637	Photon OS 3.0: Bluez PHSA-2023-3.0-0570	Nessus	PhotonOS Local Security Checks	critical
203188	Photon OS 4.0: Bluez PHSA-2023-4.0-0380	Nessus	PhotonOS Local Security Checks	critical
201601	CBL Mariner 2.0 Security Update: bluez (CVE-2022-3563)	Nessus	MarinerOS Local Security Checks	medium
200132	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : BlueZ vulnerabilities (USN-6809-1)	Nessus	Ubuntu Local Security Checks	medium
198738	RHEL 8 : bluez (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
198717	RHEL 9 : bluez (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
196471	RHEL 6 : bluez (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	high
178602	Amazon Linux 2023 : bluez, bluez-cups, bluez-deprecated (ALAS2023-2023-262)	Nessus	Amazon Linux Local Security Checks	medium
170709	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : bluez (SUSE-SU-2023:0167-1)	Nessus	SuSE Local Security Checks	medium

Detections

Analytics

CVE-2022-3563

medium

Tenable Plugins

critical

critical

medium

medium

high

high

high

medium

medium