CVE-2018-16265

Published: Jan 22, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Affected (16)

Products: Linux: Tizen

1 product

Configuration A

16 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linux Tizen	Version 1.0
Linux Tizen	Version 1.0 m1
Linux Tizen	Version 2.0
Linux Tizen	Version 2.1
Linux Tizen	Version 2.2.1
Linux Tizen	Version 2.2
Linux Tizen	Version 2.3.1
Linux Tizen	Version 2.3
Linux Tizen	Version 2.4
Linux Tizen	Version 3.0
Linux Tizen	Version 3.0 m2
Linux Tizen	Version 3.0 m3
Linux Tizen	Version 4.0 m1
Linux Tizen	Version 4.0 m2
Linux Tizen	Version 4.0 m3
Linux Tizen	Version 5.0

Running on/with	Platform Versions
Samsung Galaxy Gear	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (8)

https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf

Source: cve@mitre.org

Third Party Advisory

https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git%3Ba=commit%3Bh=074dfc9709d8cee84564fc815796b0ef0c3273f5

Source: cve@mitre.org

https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git%3Ba=commit%3Bh=bafbd66906ae5712874dc0d7dd6288d2c1ae4db2

Source: cve@mitre.org

https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be

Source: cve@mitre.org

Third Party Advisory

https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git%3Ba=commit%3Bh=074dfc9709d8cee84564fc815796b0ef0c3273f5

Source: af854a3a-2127-422b-91ae-364da2661108

https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git%3Ba=commit%3Bh=bafbd66906ae5712874dc0d7dd6288d2c1ae4db2

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.