| Summary | BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177. |
|---|---|
| Publication Date | Nov. 23, 2024, 6:15 a.m. |
| Registration Date | Nov. 24, 2024, 5:02 a.m. |
| Last Update | Nov. 23, 2024, 6:15 a.m. |
| Title | BlueZ Project の BlueZ における脆弱性 |
|---|---|
| Summary | BlueZ Project の BlueZ には、不特定の脆弱性が存在します。 |
| Possible impacts | 情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | 参考情報を参照して適切な対策を実施してください。 |
| Publication Date | Nov. 22, 2024, midnight |
| Registration Date | Dec. 23, 2024, 2:18 p.m. |
| Last Update | Dec. 23, 2024, 2:18 p.m. |
| BlueZ Project |
| BlueZ 5.77 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2024年12月23日] 掲載 |
Dec. 23, 2024, 2:18 p.m. |