CVE-2023-51580

5.7 MEDIUM

📋 TL;DR

This vulnerability in BlueZ's AVRCP protocol handling allows an attacker to read memory beyond an allocated buffer over Bluetooth, potentially disclosing sensitive information. It affects Linux systems using BlueZ for Bluetooth audio control. The attacker must be network-adjacent, and exploitation requires user interaction: the user has to connect to a malicious device.

💻 Affected Systems

Products:
  • BlueZ
Versions: Specific affected versions not specified in advisory, but likely multiple BlueZ versions before patching
Operating Systems: Linux distributions using BlueZ
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Bluetooth AVRCP profile to be enabled and user to connect to malicious device.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Information disclosure combined with other vulnerabilities could lead to arbitrary code execution as root, potentially compromising the entire system.

🟠 Likely Case: Information disclosure of memory contents, which could reveal sensitive data or system information useful for further attacks.

🟢 If Mitigated: Limited information disclosure with no code execution if proper Bluetooth security controls are in place.

🌐 Internet-Facing: LOW - Requires Bluetooth proximity and user interaction, not directly internet exploitable.
🏢 Internal Only: MEDIUM - Requires physical proximity or internal network access to Bluetooth range, plus user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to connect to malicious Bluetooth device and additional vulnerabilities for code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with your Linux distribution for specific patched BlueZ version

Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-23-1903/

Restart Required: Yes

Instructions:

1. Check your Linux distribution's security advisories.
2. Update the BlueZ package via your package manager.
3. Restart the Bluetooth service or reboot the system.

🔧 Temporary Workarounds

Disable Bluetooth AVRCP Profile

linux

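Take AVRCP offline to prevent exploitation. The commands below stop and disable the entire Bluetooth service, so all other Bluetooth profiles become unavailable as well.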

sudo systemctl stop bluetooth
sudo systemctl disable bluetooth
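
To exclude only AVRCP while leaving the Bluetooth service running, bluetoothd's --noplugin option can be set through a systemd drop-in. The script below is an added example, not taken from the advisory or the BlueZ project; the helper name make_avrcp_dropin, the drop-in file name and the sample bluetoothd path are assumptions, and the daemon path differs between distributions.

```shell
#!/bin/sh
# Added example: build a systemd drop-in that starts bluetoothd without the
# AVRCP plugin. Reads unit text on stdin, prints the drop-in on stdout.
# make_avrcp_dropin is a hypothetical helper name, not part of BlueZ.
make_avrcp_dropin() {
    # systemd uses the last ExecStart= assignment, so take that one.
    exec_line=$(sed -n 's/^ExecStart=//p' | tail -n 1)
    if [ -z "$exec_line" ]; then
        echo "no ExecStart= command found in unit text" >&2
        return 1
    fi

    case "$exec_line" in
        *--noplugin=*)
            # A plugin exclusion list already exists (long form only; a
            # short -P list is not handled here). Add avrcp if missing.
            current=$(printf '%s\n' "$exec_line" |
                sed -n 's/.*--noplugin=\([^ ]*\).*/\1/p')
            case ",$current," in
                *,avrcp,*) new_line=$exec_line ;;
                *) new_line=$(printf '%s\n' "$exec_line" |
                       sed 's/\(--noplugin=[^ ]*\)/\1,avrcp/') ;;
            esac
            ;;
        *)
            new_line="$exec_line --noplugin=avrcp"
            ;;
    esac

    # The empty ExecStart= clears the packaged command before replacing it.
    printf '[Service]\nExecStart=\nExecStart=%s\n' "$new_line"
}

# Constructed sample unit text; the bluetoothd path is an assumption.
make_avrcp_dropin <<'EOF'
[Service]
Type=dbus
ExecStart=/usr/libexec/bluetooth/bluetoothd
EOF

# On a real host (assumed drop-in file name), as root:
#   mkdir -p /etc/systemd/system/bluetooth.service.d
#   systemctl cat bluetooth.service | make_avrcp_dropin \
#       > /etc/systemd/system/bluetooth.service.d/10-no-avrcp.conf
#   systemctl daemon-reload && systemctl restart bluetooth
```

Because the function takes the last ExecStart= line it sees, running it again on a host where the drop-in is already installed leaves the command unchanged.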

Disable Bluetooth Completely

linux

Turn off Bluetooth to eliminate attack surface

sudo rfkill block bluetooth

🧯 If You Can't Patch

  • Disable Bluetooth when not in use
  • Implement strict Bluetooth pairing policies and only connect to trusted devices

🔍 How to Verify

Check if Vulnerable:

Check BlueZ version: bluetoothd --version or dpkg -l bluez | grep bluez

Check Version:

bluetoothd --version || dpkg -l bluez | grep bluez || rpm -q bluez

Verify Fix Applied:

Verify BlueZ version is updated to patched version from your distribution

📡 Detection & Monitoring

Log Indicators:

  • Unusual Bluetooth connection attempts
  • AVRCP protocol errors in Bluetooth logs

Network Indicators:

  • Suspicious Bluetooth device connections
  • AVRCP traffic from unknown devices

SIEM Query:

source="bluetooth" AND (error OR "AVRCP" OR "out of bounds")
