CVE-2017-1000250

Source
Severity High
Remote Yes
Type Information disclosure
Description
An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys.
Group Package Affected Fixed Severity Status Ticket
AVG-396 bluez 5.46-1 5.46-2 High Fixed FS#55603
Date Advisory Group Package Severity Description
12 Sep 2017 ASA-201709-3 AVG-396 bluez High information disclosure
References
https://www.armis.com/blueborne/
http://pkgs.fedoraproject.org/cgit/rpms/bluez.git/plain/0010-Out-of-bounds-heap-read-in-service_search_attr_req-f.patch