CVE-2020-15710

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.

Published: Nov 19, 2020
Updated: Nov 16, 2025
CVE: CVE-2020-15710
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:P/I:N/A:P

CWEs:

CWE-415

Affected Software
References

Software	From	Fixed in
pulseaudio_project / pulseaudio	1-8.0-0ubuntu1	1-8.0-0ubuntu1.x
pulseaudio_project / pulseaudio	1-8.0-0ubuntu2	1-8.0-0ubuntu2.x
pulseaudio_project / pulseaudio	1-8.0-0ubuntu3	1-8.0-0ubuntu3.x
pulseaudio_project / pulseaudio	1-8.0-0ubuntu3.1	1-8.0-0ubuntu3.1.x
pulseaudio_project / pulseaudio	1-8.0-0ubuntu3.2	1-8.0-0ubuntu3.2.x
pulseaudio_project / pulseaudio	1-8.0-0ubuntu3.3	1-8.0-0ubuntu3.3.x
pulseaudio_project / pulseaudio	1-8.0-0ubuntu3.4	1-8.0-0ubuntu3.4.x
pulseaudio_project / pulseaudio	1-8.0-0ubuntu3.5	1-8.0-0ubuntu3.5.x
pulseaudio_project / pulseaudio	1-8.0-0ubuntu3.6	1-8.0-0ubuntu3.6.x
pulseaudio_project / pulseaudio	1-8.0-0ubuntu3.7	1-8.0-0ubuntu3.7.x
pulseaudio_project / pulseaudio	1-8.0-0ubuntu3.8	1-8.0-0ubuntu3.8.x
pulseaudio_project / pulseaudio	1-8.0-0ubuntu3.9	1-8.0-0ubuntu3.9.x
pulseaudio_project / pulseaudio	1-8.0-0ubuntu3.10	1-8.0-0ubuntu3.10.x
pulseaudio_project / pulseaudio	1-8.0-0ubuntu3.11	1-8.0-0ubuntu3.11.x
pulseaudio_project / pulseaudio	1-8.0-0ubuntu3.12	1-8.0-0ubuntu3.12.x
pulseaudio_project / pulseaudio	1-8.0-0ubuntu4	1-8.0-0ubuntu4.x

Vulnerability Database

320,936

CVE-2020-15710

Deep Security Visibility Without the Complexity