Cve-2023-45866 + CVE-2020-0556

REPRODUCIBILITY:
OS VERSION: ALL
HARDWARE: ALL
UI LANGUAGE: ALL
REGRESSION:

DESCRIPTION:

cve-2023-45866
CVE-2020-0556

Sailfish use bluez5 with disabled fix for these two CVE.

Fix:

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675

PRECONDITIONS:

STEPS TO REPRODUCE:

EXPECTED RESULT:

ACTUAL RESULT:

MODIFICATIONS:

ADDITIONAL INFORMATION:

It honestly irritates me how this has been around for months yet nobody cared until the December security bulletin came out…

Either case, this will take a long time until it makes its way into SFOS, either by a 5.71 Bluez5 tag or a cherry-pick (with the former being more likely): I invite you to publish a PR with this patch as the latter so the Jolla guys can decide whether to merge this now or wait it out.

1 Like

exploitation on Linux/BlueZ requires that Bluetooth is discoverable/connectable

According to https://www.darkreading.com/vulnerabilities-threats/critical-bluetooth-flaw-exposes-android-apple-and-linux-devices-to-keystroke-injection-attack

The proper way to do a PR for this is to apply the upstream commit.
That way appropriate credit is given, and comments/reason is not lost like with this version.

6 Likes

For those not following on github, looks like it’s in the works from a comment by mal: Update device.c by acfbhytuiltyghrth · Pull Request #10 · sailfishos/bluez5 · GitHub

1 Like

Do I read input.conf: Change default of ClassicBondedOnly - bluez.git - Bluetooth protocol stack for Linux correctly that the vuln can be mitigated without recompiling/updating by setting the config value ClassicBondedOnly to true in input.conf?

2 Likes

Yes, you read that correctly. Now, if that actually mitigates the issue, I have no idea. EDIT: as far as I can tell this IS the mitigation so just change the input profile config, maybe just add

ClassicBondedOnly=true

to /etc/bluez5/bluetooth/input.conf

If you’re feeling nervous.

3 Likes

There is now PR to update bluez5 to latest version which includes the fix Update to 5.71 by mlehtima · Pull Request #11 · sailfishos/bluez5 · GitHub

10 Likes