CVE-2020-27153 in BlueZ
Summary
by MITRE • 10/15/2020
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
Analysis
by VulDB Data Team • 04/16/2026
The vulnerability identified as CVE-2020-27153 represents a critical double free condition within the BlueZ Bluetooth stack implementation that affects versions prior to 5.55. This flaw exists in the gatttool disconnect_cb() routine located in the shared/att.c file, where the software fails to properly manage memory allocation and deallocation sequences. The vulnerability manifests during Bluetooth service discovery operations when a remote attacker can trigger a sequence of events that leads to memory corruption through improper handling of MGMT events. The double free condition occurs when the same memory block is deallocated twice, creating a potential exploitation vector that could be leveraged for denial of service or potentially code execution. This type of vulnerability falls under CWE-415, which specifically addresses double free conditions in memory management, and represents a fundamental flaw in the software's resource handling mechanisms. The vulnerability is particularly concerning because it operates at the Bluetooth protocol level where it can be triggered remotely without requiring physical proximity or authentication.
The operational impact of this vulnerability extends beyond simple service disruption, as it creates opportunities for more sophisticated attacks within the Bluetooth ecosystem. When a remote attacker successfully triggers the double free condition during service discovery, the system may experience unpredictable behavior ranging from application crashes to complete system instability. The vulnerability's exploitation requires the attacker to establish a Bluetooth connection and initiate service discovery procedures, making it accessible in environments where Bluetooth devices are actively communicating. The MGMT event redundancy that contributes to this flaw suggests that the system does not properly validate or handle duplicate events, which is a common pattern in protocol implementations where event handling logic fails to account for edge cases. This vulnerability demonstrates how improper state management in network protocol stacks can create persistent security risks that affect the entire Bluetooth ecosystem.
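The following program is an added illustration, not BlueZ code and not a reproduction of the actual shared/att.c logic: it models the CWE-415 pattern the analysis describes, a disconnect callback that frees its client object and is then invoked again by a redundant disconnect MGMT event, and shows beside it the owner-level fix (consume the registration before running the callback, so teardown is idempotent). All names (att_client, mgmt_dispatcher, deliver_disconnect_vulnerable, deliver_disconnect_hardened) are invented, and a small live-pointer registry is used so the second free is reported rather than executed against the real heap.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added teaching example, not BlueZ code: models the CWE-415 pattern described
 * above, a disconnect callback that frees its client object and is invoked a
 * second time by a redundant disconnect MGMT event. All names (att_client,
 * mgmt_dispatcher, deliver_disconnect_*) are invented for the illustration. */

/* Tiny live-pointer registry so a double free is reported rather than executed
 * against the real heap (a stand-in for what ASan would catch). */
#define MAX_LIVE 16
static void *live[MAX_LIVE];
static int double_free_reports;

static void *tracked_alloc(size_t n)
{
    void *p = calloc(1, n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);
    return NULL;
}

/* Returns 1 on a normal free, 0 (and counts the attempt) when p is not live. */
static int tracked_free(void *p)
{
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return 1; }
    double_free_reports++;
    return 0;
}

struct att_client { int fd; };

static void disconnect_cb(void *user_data)
{
    tracked_free(user_data);        /* releases the struct att_client */
}

struct mgmt_dispatcher {
    void (*disconnect_cb)(void *user_data);
    void *user_data;
};

/* Vulnerable pattern: every disconnect event reaches the callback, so the
 * redundant second event frees the same client again. */
int deliver_disconnect_vulnerable(struct mgmt_dispatcher *d)
{
    if (!d->disconnect_cb)
        return 0;
    d->disconnect_cb(d->user_data);
    return 1;
}

/* Hardened pattern: the registration is consumed before the callback runs, so
 * teardown is idempotent and a duplicate event finds nothing to deliver. The
 * guard lives in the owner, not inside the object being freed (a "freed" flag
 * in the struct itself would be read after free on the second event). */
int deliver_disconnect_hardened(struct mgmt_dispatcher *d)
{
    void (*cb)(void *) = d->disconnect_cb;
    void *ud = d->user_data;
    if (!cb)
        return 0;
    d->disconnect_cb = NULL;
    d->user_data = NULL;
    cb(ud);
    return 1;
}

/* One client connects, then two disconnect events arrive (the second one
 * redundant). Returns the number of double-free attempts observed, or -1 if
 * the constructed client could not be allocated. */
int run_scenario(int hardened)
{
    struct att_client *c = tracked_alloc(sizeof *c);
    struct mgmt_dispatcher d = { disconnect_cb, c };
    if (!c)
        return -1;
    c->fd = 7;                      /* constructed sample value */
    double_free_reports = 0;
    for (int i = 0; i < 2; i++) {
        if (hardened)
            deliver_disconnect_hardened(&d);
        else
            deliver_disconnect_vulnerable(&d);
    }
    return double_free_reports;
}

int main(void)
{
    printf("vulnerable: %d double-free attempt(s)\n", run_scenario(0));
    printf("hardened:   %d double-free attempt(s)\n", run_scenario(1));
    return 0;
}
```

The point of the hardened path is where the guard sits: the dispatcher clears its own registration before handing control to the callback, so a duplicate event is dropped without ever dereferencing the freed object. In a real stack the equivalent check is that every owner pointer to the client is unregistered or set to NULL before the memory is released; running the service discovery and disconnect paths under AddressSanitizer or Valgrind is the practical way to confirm that a duplicate event no longer reaches a second free.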
Mitigation strategies for CVE-2020-27153 primarily focus on updating to BlueZ version 5.55 or later, where the double free condition has been addressed through proper memory management implementation. System administrators should prioritize patching affected systems, particularly those running Bluetooth services or devices that may be exposed to remote attackers. Network segmentation and Bluetooth service restrictions can provide additional defense in depth, limiting the attack surface available to potential adversaries. The vulnerability highlights the importance of proper memory management practices in protocol implementations and underscores the need for thorough testing of event handling routines. Organizations should also consider implementing Bluetooth monitoring solutions to detect anomalous service discovery patterns that might indicate exploitation attempts. From an ATT&CK framework perspective, this vulnerability relates to T1059.007 for command and scripting interpreter and T1499.004 for network disruption, as it enables both denial of service and potential code execution capabilities. The remediation process should include comprehensive testing of Bluetooth services after patching to ensure that the fix properly resolves the memory management issues without introducing new stability concerns.