Message ID | 20230127190550.1043919-1-cascardo@canonical.com |
---|---|
Headers | show |
Series | CVE-2022-42896 | expand |
On 1/27/23 12:05, Thadeu Lima de Souza Cascardo wrote: > [Impact] > There are use-after-free vulnerabilities in the Linux kernel net/bluetooth/ > l2cap_core.c l2cap_connect and l2cap_le_connect_req functions which may allow > code execution and leaking kernel memory (respectively) remotely via Bluetooth. > A remote attacker could execute code leaking kernel memory via Bluetooth if > within proximity of the victim. > > [Fix] > Two patches are necessary to fix this, but one is already applied to > linux-oem-6.0. Other kernels already got the two fixes, when appropriate. > > [Potential regression] > Bluetooth connections might fail. > > Luiz Augusto von Dentz (1): > Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm > > net/bluetooth/l2cap_core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > Acked-by: Tim Gardner <tim.gardner@canonical.com>
Thadeu Lima de Souza Cascardo kirjoitti 27.1.2023 klo 21.05: > [Impact] > There are use-after-free vulnerabilities in the Linux kernel net/bluetooth/ > l2cap_core.c l2cap_connect and l2cap_le_connect_req functions which may allow > code execution and leaking kernel memory (respectively) remotely via Bluetooth. > A remote attacker could execute code leaking kernel memory via Bluetooth if > within proximity of the victim. > > [Fix] > Two patches are necessary to fix this, but one is already applied to > linux-oem-6.0. Other kernels already got the two fixes, when appropriate. > > [Potential regression] > Bluetooth connections might fail. > > Luiz Augusto von Dentz (1): > Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm > > net/bluetooth/l2cap_core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > applied to oem-6.0, thanks