{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "- CVE-2023-27349: fix crash while handling unsupported events in AVRCP\n- CVE-2023-44431: fix stack-based buffer overflow and remote code execution\n  vulnerability\n- CVE-2023-45866: restrict HID connections to avoid unauthorized input injection\n- CVE-2023-50229: fix heap-based buffer overflow vulnerability in handling Phone\n  Book Access profile by adding proper validation of user-supplied data length\n  before copying to buffer\n- CVE-2023-50230: fix heap-based buffer overflow vulnerability in Phone Book\n  Access profile to prevent arbitrary code execution by validating user-supplied\n  data length before copying to buffer\n- CVE-2023-51580: validate AVRCP attribute list data to prevent out-of-bounds\n  reads and information disclosure\n- CVE-2023-51589: validate AVRCP media element data to prevent out-of-bounds\n  reads and information disclosure\n- CVE-2023-51592: validate AVRCP media folder data to prevent out-of-bounds\n  reads and information disclosure\n- CVE-2023-51594: validate OBEX protocol parameters to prevent out-of-bounds\n  reads and information disclosure\n- CVE-2023-51596: validate PBAP data length to prevent heap overflow and remote\n  code execution",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2025/clsa-2025_1763031616.json"
      },
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616"
      }
    ],
    "tracking": {
      "current_release_date": "2026-02-16T09:48:22Z",
      "generator": {
        "date": "2026-02-16T09:48:22Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1763031616",
      "initial_release_date": "2025-11-13T11:01:33Z",
      "revision_history": [
        {
          "date": "2025-11-13T11:01:33Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-02-16T09:48:22Z",
          "number": "2",
          "summary": "Update document"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "bluez: Fix of 10 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AlmaLinux 9.2",
                "product": {
                  "name": "AlmaLinux 9.2",
                  "product_id": "AlmaLinux-9.2",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "AlmaLinux"
          }
        ],
        "category": "vendor",
        "name": "AlmaLinux OS Foundation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
                "product": {
                  "name": "bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
                  "product_id": "bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/bluez-hid2hci@5.72-4.el9.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
                "product": {
                  "name": "bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
                  "product_id": "bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/bluez-libs-devel@5.72-4.el9.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
                "product": {
                  "name": "bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
                  "product_id": "bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/bluez-libs@5.72-4.el9.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64",
                "product": {
                  "name": "bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64",
                  "product_id": "bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/bluez-obexd@5.72-4.el9.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
                "product": {
                  "name": "bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
                  "product_id": "bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/bluez-mesh@5.72-4.el9.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
                "product": {
                  "name": "bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
                  "product_id": "bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/bluez@5.72-4.el9.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
                "product": {
                  "name": "bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
                  "product_id": "bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/bluez-cups@5.72-4.el9.tuxcare.els1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
                "product": {
                  "name": "bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
                  "product_id": "bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/bluez-libs-devel@5.72-4.el9.tuxcare.els1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
                "product": {
                  "name": "bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
                  "product_id": "bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/bluez-libs@5.72-4.el9.tuxcare.els1?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64"
        },
        "product_reference": "bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686"
        },
        "product_reference": "bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64"
        },
        "product_reference": "bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64"
        },
        "product_reference": "bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-libs-0:5.72-4.el9.tuxcare.els1.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686"
        },
        "product_reference": "bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
        },
        "product_reference": "bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64"
        },
        "product_reference": "bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-0:5.72-4.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64"
        },
        "product_reference": "bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64"
        },
        "product_reference": "bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-45866",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "description",
          "text": "Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-45866"
        },
        {
          "category": "external",
          "summary": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog",
          "url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
        },
        {
          "category": "external",
          "summary": "http://seclists.org/fulldisclosure/2023/Dec/7",
          "url": "http://seclists.org/fulldisclosure/2023/Dec/7"
        },
        {
          "category": "external",
          "summary": "http://seclists.org/fulldisclosure/2023/Dec/9",
          "url": "http://seclists.org/fulldisclosure/2023/Dec/9"
        },
        {
          "category": "external",
          "summary": "https://bluetooth.com",
          "url": "https://bluetooth.com/"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675",
          "url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
        },
        {
          "category": "external",
          "summary": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866",
          "url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html",
          "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202401-03",
          "url": "https://security.gentoo.org/glsa/202401-03"
        },
        {
          "category": "external",
          "summary": "https://support.apple.com/kb/HT214035",
          "url": "https://support.apple.com/kb/HT214035"
        },
        {
          "category": "external",
          "summary": "https://support.apple.com/kb/HT214036",
          "url": "https://support.apple.com/kb/HT214036"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2023/dsa-5584",
          "url": "https://www.debian.org/security/2023/dsa-5584"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
        }
      ],
      "release_date": "2023-12-08T06:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-13T11:00:19.002244Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616",
          "product_ids": [
            "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2023-51596",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "description",
          "text": "BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.\nThe specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20939.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-51596"
        }
      ],
      "release_date": "2024-05-03T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-13T11:00:19.002244Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616",
          "product_ids": [
            "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2023-51589",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20853.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-51589"
        },
        {
          "category": "external",
          "summary": "https://www.zerodayinitiative.com/advisories/ZDI-23-1904/",
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1904/"
        }
      ],
      "release_date": "2024-05-03T03:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-13T11:00:19.002244Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616",
          "product_ids": [
            "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2023-51580",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20852.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-51580"
        },
        {
          "category": "external",
          "summary": "Zero Day Initiative advisory ZDI-23-1903",
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1903/"
        }
      ],
      "release_date": "2024-05-03T03:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-13T11:00:19.002244Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616",
          "product_ids": [
            "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2023-44431",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "description",
          "text": "BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19909.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-44431"
        },
        {
          "category": "external",
          "summary": "Zero Day Initiative advisory ZDI-23-1900",
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1900/"
        }
      ],
      "release_date": "2024-05-03T03:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-13T11:00:19.002244Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616",
          "product_ids": [
            "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2023-51592",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20854.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-51592"
        },
        {
          "category": "external",
          "summary": "Zero Day Initiative advisory ZDI-23-1905",
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1905/"
        }
      ],
      "release_date": "2024-05-03T03:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-13T11:00:19.002244Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616",
          "product_ids": [
            "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2023-51594",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.\n\nThe specific flaw exists within the handling of OBEX protocol parameters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20937.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-51594"
        },
        {
          "category": "external",
          "summary": "https://www.zerodayinitiative.com/advisories/ZDI-23-1901/",
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1901/"
        }
      ],
      "release_date": "2024-05-03T03:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-13T11:00:19.002244Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616",
          "product_ids": [
            "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763031616"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:bluez-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-cups-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-hid2hci-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:bluez-libs-devel-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-mesh-0:5.72-4.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:bluez-obexd-0:5.72-4.el9.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}