bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS or RCE (CVE-2020-27153)
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-27153
- https://security-tracker.debian.org/tracker/CVE-2020-27153
Patch:
https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
Affected branches:
- master (cf6dc674)
- 3.12-stable
- 3.11-stable
- 3.10-stable
- 3.9-stable
Edited by Leo
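A simplified model of the bug class described above (a disconnect handler that runs a second time on a redundant event), added here as an illustration; it is not BlueZ code and not the upstream patch. All names (`struct chan`, `op_free`, `disconnect_naive`, `disconnect_hardened`) are hypothetical, and frees are simulated with a static pool so the repeated release is counted rather than executed.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model: a tiny pool stands in for malloc/free so that a
 * second release of the same object can be detected safely. */
struct op { int in_use; };
static struct op pool[4];
static int double_frees;

static struct op *op_new(void) {
    for (int i = 0; i < 4; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;
}

static void op_free(struct op *op) {
    if (!op) return;
    if (!op->in_use) { double_frees++; return; } /* a real free() would corrupt the heap here */
    op->in_use = 0;
}

/* Hypothetical channel holding one pending operation. */
struct chan { struct op *pending; };

/* Naive handler: leaves a dangling pointer, so a repeat event frees it again. */
static void disconnect_naive(struct chan *c) {
    op_free(c->pending);
}

/* Idempotent handler: detach first, then release; a repeat event finds NULL. */
static void disconnect_hardened(struct chan *c) {
    struct op *op = c->pending;
    c->pending = NULL;
    op_free(op);
}

/* Delivers the disconnect event `events` times; returns double frees observed. */
static int run(void (*handler)(struct chan *), int events) {
    struct chan c = { op_new() };
    double_frees = 0;
    for (int i = 0; i < events; i++)
        handler(&c);
    return double_frees;
}

int main(void) {
    printf("naive, 2 events:    %d double free(s)\n", run(disconnect_naive, 2));
    printf("hardened, 2 events: %d double free(s)\n", run(disconnect_hardened, 2));
    return 0;
}
```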