Luiz Augusto von Dentz

6 exploits Active since Oct 2020
CVE-2020-27153 WRITEUP HIGH WRITEUP
BlueZ <5.55 - Use After Free
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
CVSS 8.6
CVE-2022-0204 WRITEUP HIGH WRITEUP
bluez <5.63 - Buffer Overflow
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
CVSS 8.8
CVE-2022-42895 WRITEUP MEDIUM WRITEUP
Linux Kernel - Info Disclosure
There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit  https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url
CVSS 5.1
CVE-2023-50229 WRITEUP HIGH WRITEUP
Bluez < 5.70 - Heap Buffer Overflow
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20936.
CVSS 8.0
CVE-2023-50230 WRITEUP HIGH WRITEUP
Bluez < 5.70 - Heap Buffer Overflow
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938.
CVSS 8.0
CVE-2023-51779 WRITEUP HIGH WRITEUP
Linux kernel <6.6.8 - Use After Free
bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.
CVSS 7.0