VDB

GCVE-VVD-MAGEIA-2021-532

GCVE-VVD-MAGEIA-2021-532
Advisory Published
Vulnetix · Advisory published December 2, 2021
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash. (CVE-2021-41229) An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call. (CVE-2021-43400)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiabluez0 (affected), 5.55-3.3.mga8 (unaffected)

Aliases

CVE-2021-43400CVE-2021-41229

Transitive aliases

GSD-2021-41229BDU:2022-06043RHSA-2022:2081EUVD-2021-28288CNVD-2021-92546SUSE-SU-2023:3240-1SUSE-SU-2024:0166-1WID-SEC-W-2022-1836BDU:2022-03135GHSA-xgf8-98pj-cm5cSUSE-SU-2024:0167-1ALSA-2022:2081VAR-202111-1603SUSE-SU-2023:3238-1SUSE-SU-2023:3689-1VVD-GENTOO-2021-823802EUVD-2021-30335

References

Updated bluez packages fix security vulnerability
advisory
Updated bluez packages fix security vulnerability
advisory
Updated bluez packages fix security vulnerability
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›