CVE-2019-8921
Summary
| CVE | CVE-2019-8921 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-11-29 08:15:07 UTC |
| Updated | 2026-04-15 21:17:02 UTC |
| Description | An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same. |
Risk And Classification
Primary CVSS: v3.1 6.5 MEDIUM from [email protected]
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.000380000 probability, percentile 0.112770000 (date 2026-04-15)
Problem Types: CWE-345 | n/a | CWE-345 CWE-345 Insufficient Verification of Data Authenticity
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | ADP | DECLARED | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 2.0 | [email protected] | Primary | 3.3 | AV:A/AC:L/Au:N/C:P/I:N/A:N |
CVSS v3.1 Breakdown
Attack Vector
AdjacentAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
NoneCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0 Breakdown
Access Vector
AdjacentAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:A/AC:L/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bluez | Bluez | All | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Linux | Linux Kernel | - | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SSD Advisory – Linux BlueZ Information Leak and Heap Overflow - SSD Secure Disclosure | af854a3a-2127-422b-91ae-364da2661108 | ssd-disclosure.com | Exploit, Patch, Third Party Advisory |
| [SECURITY] [DLA 3157-1] bluez security update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List, Third Party Advisory |
| November 2021 BlueZ Vulnerabilities in NetApp Products | NetApp Product Security | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 178914 Debian Security Update for bluez (DLA 2827-1)
- 181160 Debian Security Update for bluez (DLA 3157-1)
- 356420 Amazon Linux Security Advisory for bluez : ALAS2-2023-2309
- 671592 EulerOS Security Update for bluez (EulerOS-SA-2022-1524)
- 671653 EulerOS Security Update for bluez (EulerOS-SA-2022-1707)
- 752696 SUSE Enterprise Linux Security Update for bluez (SUSE-SU-2022:3691-1)
- 752697 SUSE Enterprise Linux Security Update for bluez (SUSE-SU-2022:3687-1)
- 752714 SUSE Enterprise Linux Security Update for bluez (SUSE-SU-2022:3718-1)