CVE-2020-0556
HIGHBlueZ < 5.54 - Unauthenticated Privilege Escalation and Denial of Service via Adjacent Access
Title source: llmDescription
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
References (7)
Core 7
Core References
Patch, Third Party Advisory x_refsource_confirm
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202003-49
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2020/dsa-4647
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4311-1/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html
Scores
CVSS v3
7.1
EPSS
0.0016
EPSS Percentile
36.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Details
Status
published
Products (9)
bluez/bluez
< 5.54
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
19.10
debian/debian_linux
8.0
debian/debian_linux
9.0
debian/debian_linux
10.0
opensuse/leap
15.1
opensuse/leap
15.2
Published
Mar 12, 2020
Tracked Since
Feb 18, 2026