CVE-2019-8922: 
NixOS vulnerability analysis and mitigation

A heap-based buffer overflow vulnerability was discovered in bluetoothd in BlueZ through version 5.48. The vulnerability exists in the Service Discovery Protocol (SDP) implementation where there isn't any check on whether there is enough space in the destination buffer when handling attribute requests (NVD, Ubuntu).

The vulnerability resides in the SDP protocol handling of attribute requests. The function serviceattrreq gets called by process_request (in sdpd-request.c), which allocates the response buffer. The values of all attributes that are requested are appended to the output buffer without any size checks, resulting in a heap overflow if an attacker can craft a request where the response is large enough to overflow the preallocated buffer. The vulnerability has a CVSS 3.1 Base Score of 8.8 (High) with vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (SSD Disclosure).

When successfully exploited, this vulnerability could allow an attacker to cause disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). The vulnerability affects the bluetoothd daemon which typically runs with root privileges, meaning successful exploitation could potentially lead to full system compromise (Security NetApp).

The vulnerability has been fixed in various Linux distributions. Ubuntu has released fixes for versions 18.04 LTS (5.48-0ubuntu3.7) and 16.04 LTS (5.37-0ubuntu5.3+esm5). Users are recommended to update their bluez packages to the latest available versions (Ubuntu).