UBUNTU-CVE-2023-45866
- Source
- https://ubuntu.com/security/CVE-2023-45866
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-45866.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-45866
- Upstream
- Downstream
- Related
- Published
- 2023-12-06T00:00:00Z
- Modified
- 2025-07-16T07:20:47.705655Z
- Severity
-
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / bluez
Package
- Name
- bluez
- Purl
- pkg:deb/ubuntu/bluez@5.37-0ubuntu5.3+esm3?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.37-0ubuntu5.3+esm3
Affected versions
5.*
5.35-0ubuntu2
5.36-0ubuntu1
5.37-0ubuntu5
5.37-0ubuntu5.1
5.37-0ubuntu5.3
5.37-0ubuntu5.3+esm1
5.37-0ubuntu5.3+esm2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "bluetooth",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "bluez",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "bluez-cups",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "bluez-cups-dbgsym",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "bluez-dbg",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "bluez-dbgsym",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "bluez-hcidump",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "bluez-hcidump-dbgsym",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "bluez-obexd",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "bluez-obexd-dbgsym",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "bluez-tests",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "bluez-tests-dbgsym",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "libbluetooth-dev",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "libbluetooth-dev-dbgsym",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "libbluetooth3",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "libbluetooth3-dbg",
"binary_version": "5.37-0ubuntu5.3+esm3"
},
{
"binary_name": "libbluetooth3-dbgsym",
"binary_version": "5.37-0ubuntu5.3+esm3"
}
]
}
Ubuntu:Pro:18.04:LTS / bluez
Package
- Name
- bluez
- Purl
- pkg:deb/ubuntu/bluez@5.48-0ubuntu3.9+esm1?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.48-0ubuntu3.9+esm1
Affected versions
5.*
5.46-0ubuntu3
5.46-0ubuntu4
5.48-0ubuntu3
5.48-0ubuntu3.1
5.48-0ubuntu3.2
5.48-0ubuntu3.3
5.48-0ubuntu3.4
5.48-0ubuntu3.5
5.48-0ubuntu3.6
5.48-0ubuntu3.7
5.48-0ubuntu3.8
5.48-0ubuntu3.9
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "bluetooth",
"binary_version": "5.48-0ubuntu3.9+esm1"
},
{
"binary_name": "bluez",
"binary_version": "5.48-0ubuntu3.9+esm1"
},
{
"binary_name": "bluez-cups",
"binary_version": "5.48-0ubuntu3.9+esm1"
},
{
"binary_name": "bluez-dbg",
"binary_version": "5.48-0ubuntu3.9+esm1"
},
{
"binary_name": "bluez-hcidump",
"binary_version": "5.48-0ubuntu3.9+esm1"
},
{
"binary_name": "bluez-obexd",
"binary_version": "5.48-0ubuntu3.9+esm1"
},
{
"binary_name": "bluez-tests",
"binary_version": "5.48-0ubuntu3.9+esm1"
},
{
"binary_name": "libbluetooth-dev",
"binary_version": "5.48-0ubuntu3.9+esm1"
},
{
"binary_name": "libbluetooth3",
"binary_version": "5.48-0ubuntu3.9+esm1"
},
{
"binary_name": "libbluetooth3-dbg",
"binary_version": "5.48-0ubuntu3.9+esm1"
}
]
}
Ubuntu:20.04:LTS / bluez
Package
- Name
- bluez
- Purl
- pkg:deb/ubuntu/bluez@5.53-0ubuntu3.7?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.53-0ubuntu3.7
Affected versions
5.*
5.50-0ubuntu4
5.51-0ubuntu1
5.51-0ubuntu2
5.52-0ubuntu1
5.52-0ubuntu2
5.53-0ubuntu1
5.53-0ubuntu2
5.53-0ubuntu3
5.53-0ubuntu3.1
5.53-0ubuntu3.2
5.53-0ubuntu3.3
5.53-0ubuntu3.4
5.53-0ubuntu3.5
5.53-0ubuntu3.6
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "bluetooth",
"binary_version": "5.53-0ubuntu3.7"
},
{
"binary_name": "bluez",
"binary_version": "5.53-0ubuntu3.7"
},
{
"binary_name": "bluez-cups",
"binary_version": "5.53-0ubuntu3.7"
},
{
"binary_name": "bluez-dbg",
"binary_version": "5.53-0ubuntu3.7"
},
{
"binary_name": "bluez-hcidump",
"binary_version": "5.53-0ubuntu3.7"
},
{
"binary_name": "bluez-obexd",
"binary_version": "5.53-0ubuntu3.7"
},
{
"binary_name": "bluez-tests",
"binary_version": "5.53-0ubuntu3.7"
},
{
"binary_name": "libbluetooth-dev",
"binary_version": "5.53-0ubuntu3.7"
},
{
"binary_name": "libbluetooth3",
"binary_version": "5.53-0ubuntu3.7"
},
{
"binary_name": "libbluetooth3-dbg",
"binary_version": "5.53-0ubuntu3.7"
}
]
}
Ubuntu:22.04:LTS / bluez
Package
- Name
- bluez
- Purl
- pkg:deb/ubuntu/bluez@5.64-0ubuntu1.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.64-0ubuntu1.1
Affected versions
5.*
5.60-0ubuntu2
5.62-0ubuntu1
5.62-0ubuntu2
5.63-0ubuntu1
5.63-0ubuntu2
5.64-0ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "bluetooth",
"binary_version": "5.64-0ubuntu1.1"
},
{
"binary_name": "bluez",
"binary_version": "5.64-0ubuntu1.1"
},
{
"binary_name": "bluez-cups",
"binary_version": "5.64-0ubuntu1.1"
},
{
"binary_name": "bluez-cups-dbgsym",
"binary_version": "5.64-0ubuntu1.1"
},
{
"binary_name": "bluez-dbgsym",
"binary_version": "5.64-0ubuntu1.1"
},
{
"binary_name": "bluez-hcidump",
"binary_version": "5.64-0ubuntu1.1"
},
{
"binary_name": "bluez-hcidump-dbgsym",
"binary_version": "5.64-0ubuntu1.1"
},
{
"binary_name": "bluez-meshd",
"binary_version": "5.64-0ubuntu1.1"
},
{
"binary_name": "bluez-meshd-dbgsym",
"binary_version": "5.64-0ubuntu1.1"
},
{
"binary_name": "bluez-obexd",
"binary_version": "5.64-0ubuntu1.1"
},
{
"binary_name": "bluez-obexd-dbgsym",
"binary_version": "5.64-0ubuntu1.1"
},
{
"binary_name": "bluez-tests",
"binary_version": "5.64-0ubuntu1.1"
},
{
"binary_name": "bluez-tests-dbgsym",
"binary_version": "5.64-0ubuntu1.1"
},
{
"binary_name": "libbluetooth-dev",
"binary_version": "5.64-0ubuntu1.1"
},
{
"binary_name": "libbluetooth3",
"binary_version": "5.64-0ubuntu1.1"
},
{
"binary_name": "libbluetooth3-dbgsym",
"binary_version": "5.64-0ubuntu1.1"
}
]
}
Ubuntu:24.04:LTS / bluez
Package
- Name
- bluez
- Purl
- pkg:deb/ubuntu/bluez@5.70-0ubuntu3?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.70-0ubuntu3
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "bluetooth",
"binary_version": "5.70-0ubuntu3"
},
{
"binary_name": "bluez",
"binary_version": "5.70-0ubuntu3"
},
{
"binary_name": "bluez-cups",
"binary_version": "5.70-0ubuntu3"
},
{
"binary_name": "bluez-cups-dbgsym",
"binary_version": "5.70-0ubuntu3"
},
{
"binary_name": "bluez-dbgsym",
"binary_version": "5.70-0ubuntu3"
},
{
"binary_name": "bluez-hcidump",
"binary_version": "5.70-0ubuntu3"
},
{
"binary_name": "bluez-hcidump-dbgsym",
"binary_version": "5.70-0ubuntu3"
},
{
"binary_name": "bluez-meshd",
"binary_version": "5.70-0ubuntu3"
},
{
"binary_name": "bluez-meshd-dbgsym",
"binary_version": "5.70-0ubuntu3"
},
{
"binary_name": "bluez-obexd",
"binary_version": "5.70-0ubuntu3"
},
{
"binary_name": "bluez-obexd-dbgsym",
"binary_version": "5.70-0ubuntu3"
},
{
"binary_name": "bluez-tests",
"binary_version": "5.70-0ubuntu3"
},
{
"binary_name": "bluez-tests-dbgsym",
"binary_version": "5.70-0ubuntu3"
},
{
"binary_name": "libbluetooth-dev",
"binary_version": "5.70-0ubuntu3"
},
{
"binary_name": "libbluetooth3",
"binary_version": "5.70-0ubuntu3"
},
{
"binary_name": "libbluetooth3-dbgsym",
"binary_version": "5.70-0ubuntu3"
}
]
}