Launchpad CVE tracker

CVE 2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

Related bugs and status

CVE-2023-45866 (Candidate) is related to these bugs:

Bug #2045855: package bluez 5.64-0ubuntu1.1 failed to install/upgrade: end of file on stdin at conffile prompt

Summary				In	Importance	Status
	2045855	package bluez 5.64-0ubuntu1.1 failed to install/upgrade: end of file on stdin at conffile prompt		bluez (Ubuntu)	Undecided	Expired

Bug #2045931: ps3 sixasis controller request pin to connect to bt

Summary				In	Importance	Status
	2045931	ps3 sixasis controller request pin to connect to bt		bluez (Ubuntu)	Critical	Won't Fix
	2045931	ps3 sixasis controller request pin to connect to bt		Bluez Utilities	Unknown	New

Bug #2046084: HID gamepad not working when paired with blueman on bluez 5.68-0ubuntu1.1

Summary				In	Importance	Status
	2046084	HID gamepad not working when paired with blueman on bluez 5.68-0ubuntu1.1		blueman (Ubuntu)	Undecided	Confirmed

Bug #2046116: bluetooth device connected but not recognised as output device

Summary				In	Importance	Status
	2046116	bluetooth device connected but not recognised as output device		bluez (Ubuntu)	Undecided	New

Bug #2047185: [Debian] High CVE: CVE-2023-45866 bluez: permit an unauthenticated Peripheral role

Summary				In	Importance	Status
	2047185	[Debian] High CVE: CVE-2023-45866 bluez: permit an unauthenticated Peripheral role		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-45866

References