CVE-2022-0204 in BlueZinfo

Summary

by MITRE • 03/10/2022

A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 04/16/2026

The heap overflow vulnerability identified as CVE-2022-0204 resides within the bluez Bluetooth protocol stack implementation and represents a critical security flaw affecting versions prior to 5.63. This vulnerability specifically targets the handling of Bluetooth service discovery protocol records within the bluez daemon, where improper bounds checking allows maliciously crafted data structures to overwrite adjacent heap memory regions. The flaw manifests when the system processes malformed Bluetooth service records that contain oversized or malformed data fields, leading to unpredictable memory corruption patterns that can result in application termination or system instability.

The technical exploitation of this vulnerability occurs through local network access where an attacker can craft specially formatted Bluetooth service discovery protocol packets or service records that trigger the heap overflow condition. When the bluez daemon processes these malformed records during service discovery operations, the insufficient input validation causes the heap allocator to write data beyond the allocated buffer boundaries. This memory corruption can overwrite critical heap metadata, function pointers, or adjacent memory structures, ultimately leading to application crashes or potential arbitrary code execution depending on the specific memory layout and corruption patterns. The vulnerability aligns with CWE-121 heap-based buffer overflow, which is classified as a serious weakness in memory safety practices within C-based applications.

Operationally, this vulnerability presents significant risks to Bluetooth-enabled systems that rely on bluez for wireless connectivity management. The denial of service impact affects any device running vulnerable bluez versions, including smartphones, laptops, servers, and embedded IoT devices that utilize Bluetooth services. Attackers can leverage this vulnerability to disrupt Bluetooth connectivity for extended periods, potentially affecting critical infrastructure operations, personal devices, or enterprise wireless networks. The local network access requirement means that adversaries do not need physical proximity to exploit the vulnerability, as Bluetooth packets can be transmitted across network boundaries, making it particularly dangerous in environments where Bluetooth services are exposed to untrusted networks or where automatic service discovery is enabled.

Organizations should prioritize immediate patching of all bluez installations to version 5.63 or later, as this update includes proper bounds checking and memory validation mechanisms for service record processing. System administrators should also implement network segmentation and Bluetooth service disablement for non-essential devices to minimize attack surface exposure. Additional mitigations include monitoring Bluetooth service discovery logs for anomalous packet patterns, implementing network-level filtering for suspicious Bluetooth traffic, and ensuring that automatic Bluetooth service discovery is disabled in security-sensitive environments. The vulnerability demonstrates the importance of proper input validation in network protocol implementations and aligns with ATT&CK technique T1059.007 for command and scripting interpreter execution, as exploitation may involve crafting malicious service records to trigger the vulnerable code paths within the bluez daemon.

Reservation

01/12/2022

Disclosure

03/10/2022

Moderation

accepted

CPE

ready

EPSS

0.01808

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!