[UBUNTU,OEM-6.0,0/1] CVE-2022-42896

Message ID	20230127190550.1043919-1-cascardo@canonical.com
Headers	show Return-Path: <kernel-team-bounces@lists.ubuntu.com> From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [UBUNTU OEM-6.0 0/1] CVE-2022-42896 Date: Fri, 27 Jan 2023 16:05:49 -0300 Message-Id: <20230127190550.1043919-1-cascardo@canonical.com> MIME-Version: 1.0 Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>
Series	CVE-2022-42896 \| expand [UBUNTU,OEM-6.0,0/1] CVE-2022-42896 [UBUNTU,OEM-6.0,1/1] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

Message ID

20230127190550.1043919-1-cascardo@canonical.com

Headers

From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [UBUNTU OEM-6.0 0/1] CVE-2022-42896
Date: Fri, 27 Jan 2023 16:05:49 -0300
Message-Id: <20230127190550.1043919-1-cascardo@canonical.com>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

Series

CVE-2022-42896 | expand

Message

Thadeu Lima de Souza Cascardo Jan. 27, 2023, 7:05 p.m. UTC

[Impact]
There are use-after-free vulnerabilities in the Linux kernel net/bluetooth/
l2cap_core.c l2cap_connect and l2cap_le_connect_req functions which may allow
code execution and leaking kernel memory (respectively) remotely via Bluetooth.
A remote attacker could execute code leaking kernel memory via Bluetooth if
within proximity of the victim.

[Fix]
Two patches are necessary to fix this, but one is already applied to
linux-oem-6.0. Other kernels already got the two fixes, when appropriate.

[Potential regression]
Bluetooth connections might fail.

Luiz Augusto von Dentz (1):
  Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

 net/bluetooth/l2cap_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Tim Gardner Jan. 29, 2023, 3:55 p.m. UTC | #1

On 1/27/23 12:05, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> There are use-after-free vulnerabilities in the Linux kernel net/bluetooth/
> l2cap_core.c l2cap_connect and l2cap_le_connect_req functions which may allow
> code execution and leaking kernel memory (respectively) remotely via Bluetooth.
> A remote attacker could execute code leaking kernel memory via Bluetooth if
> within proximity of the victim.
> 
> [Fix]
> Two patches are necessary to fix this, but one is already applied to
> linux-oem-6.0. Other kernels already got the two fixes, when appropriate.
> 
> [Potential regression]
> Bluetooth connections might fail.
> 
> Luiz Augusto von Dentz (1):
>    Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
> 
>   net/bluetooth/l2cap_core.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
Acked-by: Tim Gardner <tim.gardner@canonical.com>

Timo Aaltonen Feb. 7, 2023, 2:31 p.m. UTC | #2

Thadeu Lima de Souza Cascardo kirjoitti 27.1.2023 klo 21.05:
> [Impact]
> There are use-after-free vulnerabilities in the Linux kernel net/bluetooth/
> l2cap_core.c l2cap_connect and l2cap_le_connect_req functions which may allow
> code execution and leaking kernel memory (respectively) remotely via Bluetooth.
> A remote attacker could execute code leaking kernel memory via Bluetooth if
> within proximity of the victim.
> 
> [Fix]
> Two patches are necessary to fix this, but one is already applied to
> linux-oem-6.0. Other kernels already got the two fixes, when appropriate.
> 
> [Potential regression]
> Bluetooth connections might fail.
> 
> Luiz Augusto von Dentz (1):
>    Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
> 
>   net/bluetooth/l2cap_core.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 

applied to oem-6.0, thanks