CVE-2023-50230

8.0 HIGH

📋 TL;DR

This CVE describes a heap-based buffer overflow vulnerability in BlueZ's Phone Book Access Profile that allows network-adjacent attackers to execute arbitrary code as root. The vulnerability requires the target to connect to a malicious Bluetooth device, making user interaction necessary for exploitation. Systems running vulnerable versions of BlueZ with Bluetooth enabled are affected.

💻 Affected Systems

Products:
  • BlueZ (Linux Bluetooth protocol stack)
Versions: All releases prior to the fix commit 5ab5352531a9cc7058cce569607f3a6831464443
Operating Systems: Linux distributions using BlueZ (Debian, Ubuntu, Fedora, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Bluetooth enabled and Phone Book Access Profile functionality. Embedded/IoT devices using BlueZ may also be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with root privileges leading to complete system compromise, data theft, and persistent backdoor installation.

🟠 Likely Case

Local privilege escalation or denial of service on affected Bluetooth services, potentially leading to system instability.

🟢 If Mitigated

Limited impact with proper network segmentation and Bluetooth disabled on critical systems.

🌐 Internet-Facing: LOW - Bluetooth has limited range and requires physical proximity, not internet exposure.
🏢 Internal Only: MEDIUM - Attackers need to be within Bluetooth range and require user interaction to connect to a malicious device.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires attacker to be within Bluetooth range and user to connect to malicious device. ZDI has confirmed the vulnerability but no public exploit is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 5ab5352531a9cc7058cce569607f3a6831464443

Vendor Advisory: https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443

Restart Required: Yes

Instructions:

1. Update the BlueZ package using your distribution's package manager.
2. For Debian/Ubuntu: sudo apt update && sudo apt upgrade bluez
3. For Fedora/RHEL: sudo dnf update bluez
4. Restart the Bluetooth service: sudo systemctl restart bluetooth
5. Reboot the system to ensure all components are updated.

🔧 Temporary Workarounds

Disable Bluetooth (Linux)

Completely disable Bluetooth to prevent exploitation:

  sudo systemctl stop bluetooth
  sudo systemctl disable bluetooth

Disable Phone Book Access Profile (Linux)

Disable the specific vulnerable profile while keeping Bluetooth functional:

  Edit /etc/bluetooth/main.conf and set 'Disable' for PBAP profile
  sudo systemctl restart bluetooth

Note that in BlueZ the PBAP profile is implemented in obexd (the OBEX daemon), not in bluetoothd, so after the restart confirm that the PBAP profile is actually no longer offered before relying on this workaround.

🧯 If You Can't Patch

  • Disable Bluetooth on all affected systems immediately
  • Implement network segmentation to isolate Bluetooth-enabled devices from critical systems

🔍 How to Verify

Check if Vulnerable:

Run bluetoothd --version. If the installed build predates commit 5ab5352531a9cc7058cce569607f3a6831464443, the system is vulnerable. Distribution packages may backport the fix without changing the upstream version number, so check the package changelog or your distribution's advisory rather than the version string alone.

Check Version:

bluetoothd --version || dpkg -l | grep bluez || rpm -qa | grep bluez

Verify Fix Applied:

Verify BlueZ version is updated and check that commit 5ab5352531a9cc7058cce569607f3a6831464443 is included in your version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Bluetooth connection attempts in system logs
  • Bluetooth service crashes or abnormal restarts
  • Failed PBAP profile connections

Network Indicators:

  • Unexpected Bluetooth pairing requests from unknown devices
  • Abnormal Bluetooth traffic patterns

SIEM Query:

source="systemd" "bluetooth" AND ("failed" OR "error" OR "crash")
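As an added example (not part of this advisory or of the BlueZ project), the following Python script applies the log indicators and the SIEM query terms above to constructed journalctl-style lines; it also goes one step further by correlating a PBAP failure with a service crash that follows it. The line format, message texts and thresholds are assumptions.

```python
import re
from datetime import datetime, timedelta
# Constructed sample journal lines (journalctl -o short-iso style); not real captures.
SAMPLE_JOURNAL = [
    "2024-01-15T10:02:11+0000 host bluetoothd[812]: Bluetooth daemon 5.66",
    "2024-01-15T10:03:41+0000 host obexd[1190]: pbap: session from AA:BB:CC:DD:EE:FF failed",
    "2024-01-15T10:03:42+0000 host systemd[1]: bluetooth.service: Main process exited, code=dumped, status=11/SEGV",
    "2024-01-15T10:03:43+0000 host systemd[1]: bluetooth.service: Scheduled restart job, restart counter is at 1.",
    "2024-01-15T10:03:50+0000 host systemd[1]: bluetooth.service: Main process exited, code=dumped, status=11/SEGV",
    "2024-01-15T10:03:51+0000 host systemd[1]: bluetooth.service: Scheduled restart job, restart counter is at 2.",
    "2024-01-15T13:00:00+0000 host bluetoothd[2001]: Failed to set privacy: Rejected (0x0b)",
]
LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ (?P<unit>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
CRASH_RE = re.compile(r"code=dumped|segv|segfault|scheduled restart job")
PBAP_RE = re.compile(r"\b(pbap|obexd)\b.*\b(failed|error|rejected)\b")
KEYWORD_RE = re.compile(r"failed|error|crash")  # the same terms as the SIEM query above

def classify(line):
    """Return (timestamp, kind) for a Bluetooth-related indicator line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    text = f"{m['unit']}: {m['msg']}".lower()
    if "bluetooth" not in text and "obex" not in text:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S%z")
    if CRASH_RE.search(text):
        return ts, "crash"
    if PBAP_RE.search(text):
        return ts, "pbap_failure"
    if KEYWORD_RE.search(text):
        return ts, "error"
    return None

def scan_journal(lines, window=timedelta(minutes=5), burst_threshold=3):
    """Count indicators; alert on crash bursts and on a PBAP failure followed by a crash."""
    events = [e for e in map(classify, lines) if e]
    counts = {}
    for _, kind in events:
        counts[kind] = counts.get(kind, 0) + 1
    crashes = sorted(ts for ts, kind in events if kind == "crash")
    alerts = []
    for i, start in enumerate(crashes):
        n = sum(1 for t in crashes[i:] if t - start <= window)  # events in the window after this one
        if n >= burst_threshold:
            alerts.append(f"crash_burst: {n} bluetooth.service crash/restart events from {start.isoformat()}")
            break
    for ts, kind in events:
        if kind == "pbap_failure" and any(timedelta(0) <= c - ts <= window for c in crashes):
            alerts.append(f"pbap_then_crash: PBAP failure at {ts.isoformat()} followed by a service crash")
    return counts, alerts
```

Feed it real lines with `journalctl -u bluetooth -o short-iso` (and the obex user service) once the message patterns are adjusted to what your distribution logs.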
