[PATCH 0/3] CVE-2010-4242
Stefan Bader
stefan.bader at canonical.com
Mon Feb 14 09:54:52 UTC 2011
On 02/11/2011 09:35 PM, Brad Figg wrote:
> Following this email will be 3 patches associated with this CVE. The patches
> apply cleanly to Dapper, Hardy and Karmic. Lucid, Maverick and Natty have
> already received this patch as part of upstream stable commits (or just
> regular upstream commits).
>
> CVE-2010-4242
>
> The hci_uart_tty_open function in the HCI UART driver
> (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly
> other versions, does not verify whether the tty has a write operation,
> which allows local users to cause a denial of service (NULL pointer
> dereference) via vectors related to the Bluetooth driver.
>
> Alan Cox (1):
> bluetooth: Fix missing NULL check, CVE-2010-4242
>
> drivers/bluetooth/hci_ldisc.c | 7 +++++++
> 1 files changed, 7 insertions(+), 0 deletions(-)
>
>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
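
An added example, not part of the original emails or of the patch itself: a user-space C model of the check the CVE description says was missing from hci_uart_tty_open. The struct layouts, function names and error codes are constructed stand-ins and assumptions of this example, not the kernel's code.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed user-space stand-ins for the kernel's tty structures. */
struct tty_operations { int (*write)(const unsigned char *buf, int count); };
struct tty_struct { const struct tty_operations *ops; void *disc_data; };

static int fake_write(const unsigned char *buf, int count) { (void)buf; return count; }
static const struct tty_operations serial_ops = { .write = fake_write };
static const struct tty_operations no_write_ops = { .write = NULL };
static int hu_token; /* stands in for the per-line state the driver allocates */

/* "Before" model: attaches to any tty, even one that cannot transmit. */
int open_unchecked(struct tty_struct *tty)
{
    if (tty->disc_data) return -EEXIST;
    tty->disc_data = &hu_token;
    return 0;
}

/* "After" model: reject a tty without a write operation at open time.
 * The error code is this example's assumption. */
int open_checked(struct tty_struct *tty)
{
    if (tty->disc_data) return -EEXIST;
    if (tty->ops->write == NULL) return -EOPNOTSUPP;
    tty->disc_data = &hu_token;
    return 0;
}

/* Transmit path. In the kernel, calling through a NULL write pointer is the
 * NULL dereference; the model reports -EFAULT there instead of crashing. */
int tx(struct tty_struct *tty, const unsigned char *buf, int count)
{
    if (!tty->disc_data) return -EBADF;
    if (tty->ops->write == NULL) return -EFAULT;
    return tty->ops->write(buf, count);
}

int demo_unchecked_no_write(void) { struct tty_struct t = { &no_write_ops, NULL }; open_unchecked(&t); return tx(&t, (const unsigned char *)"abc", 3); }
int demo_checked_no_write(void)   { struct tty_struct t = { &no_write_ops, NULL }; return open_checked(&t); }
int demo_checked_normal(void)     { struct tty_struct t = { &serial_ops, NULL }; open_checked(&t); return tx(&t, (const unsigned char *)"abc", 3); }

int main(void)
{
    printf("unchecked, no write op: tx -> %d\n", demo_unchecked_no_write());
    printf("checked, no write op: open -> %d\n", demo_checked_no_write());
    printf("checked, normal tty: tx -> %d\n", demo_checked_normal());
    return 0;
}
```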