bluez: Improper access control in subsystem could result in privilege escalation and DoS (CVE-2020-0556)

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access.

References:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/

Patches:

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787

Second commit introduces new configuration option "ClassicBondedOnly" which defaults to false, and allows to make sure that input connections only come from bonded device connections.

Followup commits to avoid (functional) regression:

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=35d8d895cd0b724e58129374beb0bb4a2edf9519
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f2778f5877d20696d68a452b26e4accb91bfb19e

Affected branches:

Edited Mar 24, 2020 by Leo

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information