Security advisory: A read past the end of the buffer and division by zero security issue in QLowEnergyController on Linux impacts Qt

A read past the end of the buffer and division by zero security issue in QLowEnergyController in the Qt Bluetooth module on Linux has been discovered and has been assigned the CVE id CVE-2025-23050.

Affected versions: From Qt 5.4.0 to 5.15.18, 6.0.0 to 6.5.8, and 6.6.0 to 6.8.1.

Impact: QLowEnergyController on Linux has two backends, one based on the BlueZ DBus API and one based on the Bluetooth Kernel API. When the Bluetooth Kernel API backend is in use, QtBluetooth creates a Bluetooth L2CAP socket to establish a connection with an external Bluetooth Low Energy device. Once connected, the external device can send malformed Bluetooth ATT commands that trigger a read past the end of a buffer and a division by zero. The problem is relevant for both the central and the peripheral role.

For central role use cases the Bluetooth Kernel API backend is only used if the system's BlueZ runtime version is lower than 5.42.

For peripheral use cases, the Bluetooth Kernel API backend is used by default in all Qt versions before Qt 6.7. Deployments using Qt 6.7 or later use this backend only if the BlueZ version is below 5.56 or the kernel backend was explicitly opted into via the environment variable QT_BLUETOOTH_USE_KERNEL_PERIPHERAL.

In the central role the user has to explicitly connect to the attacking external device before the malformed commands are processed.

In the peripheral role, advertising must have been started in QLowEnergyAdvertisingParameters::AdvInd mode, which is what allows the external device to connect.
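The preceding paragraphs give the rules that decide whether a deployment can actually reach the vulnerable code path: the Qt version must be in an affected range, and the role plus the BlueZ runtime version (plus the environment variable for the peripheral role) must select the Bluetooth Kernel API backend. The following script is an added example, not code from Qt or the advisory; it encodes those rules as an exposure check so an operator can assess a fleet without probing the Bluetooth stack. The `bluetoothctl --version` probe and the reading of `QT_BLUETOOTH_USE_KERNEL_PERIPHERAL` as "any non-empty value counts as opt-in" are assumptions of this example; the version thresholds are the ones stated above.

```python
"""Exposure check for CVE-2025-23050 (QLowEnergyController, Qt Bluetooth on Linux).

Added example, not Qt's code. It encodes the backend-selection and
affected-version rules stated in the advisory:

  * affected Qt: 5.4.0-5.15.18, 6.0.0-6.5.8, 6.6.0-6.8.1
  * central role: Bluetooth Kernel API backend only if BlueZ runtime < 5.42
  * peripheral role: kernel backend by default before Qt 6.7; with Qt 6.7+
    only if BlueZ < 5.56 or QT_BLUETOOTH_USE_KERNEL_PERIPHERAL was given
"""
import os
import re
import subprocess

# Inclusive [first, last] version ranges from the advisory.
AFFECTED_QT_RANGES = (
    ((5, 4, 0), (5, 15, 18)),
    ((6, 0, 0), (6, 5, 8)),
    ((6, 6, 0), (6, 8, 1)),
)
CENTRAL_KERNEL_BELOW_BLUEZ = (5, 42, 0)
PERIPHERAL_DBUS_SINCE_QT = (6, 7, 0)
PERIPHERAL_KERNEL_BELOW_BLUEZ = (5, 56, 0)
KERNEL_OPT_IN_ENV = "QT_BLUETOOTH_USE_KERNEL_PERIPHERAL"


def parse_version(text):
    """Return (major, minor, patch) from strings like '6.8.1' or 'bluetoothctl: 5.66'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    # A missing patch component is treated as 0 so tuples compare consistently.
    return tuple(int(x) for x in m.groups(default="0"))


def qt_is_affected(qt_version):
    """True if this Qt release falls inside one of the advisory's affected ranges."""
    v = parse_version(qt_version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_QT_RANGES)


def kernel_backend_used(role, qt_version, bluez_version, kernel_opt_in=False):
    """Apply the advisory's rule for when the Bluetooth Kernel API backend is selected."""
    qt = parse_version(qt_version)
    bluez = parse_version(bluez_version)
    if role == "central":
        return bluez < CENTRAL_KERNEL_BELOW_BLUEZ
    if role == "peripheral":
        if qt < PERIPHERAL_DBUS_SINCE_QT:
            return True  # before Qt 6.7 the kernel backend is the default for peripherals
        return bluez < PERIPHERAL_KERNEL_BELOW_BLUEZ or kernel_opt_in
    raise ValueError("role must be 'central' or 'peripheral'")


def exposed(role, qt_version, bluez_version, kernel_opt_in=False):
    """Vulnerable path reachable only when Qt is affected AND the kernel backend is in use."""
    return qt_is_affected(qt_version) and kernel_backend_used(
        role, qt_version, bluez_version, kernel_opt_in)


def host_bluez_version():
    """Best-effort BlueZ runtime version via `bluetoothctl --version` (assumption); None if unavailable."""
    try:
        out = subprocess.run(["bluetoothctl", "--version"], capture_output=True,
                             text=True, timeout=5, check=False).stdout
        return ".".join(str(n) for n in parse_version(out))
    except (OSError, ValueError, subprocess.TimeoutExpired):
        return None


def host_opt_in():
    """Assumption: any non-empty value of the variable counts as the explicit opt-in."""
    return bool(os.environ.get(KERNEL_OPT_IN_ENV))


if __name__ == "__main__":
    # Constructed sample deployments; replace the Qt versions and roles with your own.
    bluez = host_bluez_version() or "5.41"  # constructed fallback when BlueZ is not installed
    for role, qt in (("central", "6.8.1"), ("peripheral", "6.6.0"), ("peripheral", "6.8.2")):
        print(f"{role:10} Qt {qt:8} BlueZ {bluez:6} exposed={exposed(role, qt, bluez, host_opt_in())}")
```

Note that "not exposed" here means the vulnerable kernel backend is not selected, not that the library is fixed; a deployment on an affected Qt version should still be updated, since a later BlueZ downgrade or the environment variable would bring the code path back.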

Solution: Apply one of the following patches or update to Qt 6.9.0, 6.8.2, 6.5.9 or 5.15.19.

Patches:

dev: https://codereview.qt-project.org/c/qt/qtconnectivity/+/614538
Qt 6.9: https://codereview.qt-project.org/c/qt/qtconnectivity/+/616915/2
Qt 6.8: https://codereview.qt-project.org/c/qt/qtconnectivity/+/617004 or https://download.qt.io/official_releases/qt/6.8/CVE-2025-23050-qtconnectivity-6.8.diff
Qt 6.5: https://codereview.qt-project.org/c/qt/tqtc-qtconnectivity/+/617086 or https://download.qt.io/official_releases/qt/6.5/CVE-2025-23050-qtconnectivity-6.5.diff
Qt 5.15: https://codereview.qt-project.org/c/qt/tqtc-qtconnectivity/+/617371 or https://download.qt.io/official_releases/qt/5.15/CVE-2025-23050-qtconnectivity-5.15.diff
