[PATCH] [SRU][B/master] CVE-2018-5383: Bluetooth info leak
Paolo Pisati
paolo.pisati at canonical.com
Wed Jul 17 09:02:41 UTC 2019
Bluetooth firmware or operating system software drivers may not sufficiently
validate elliptic curve parameters used to generate public keys during a
Diffie-Hellman key exchange, which may allow a remote attacker to obtain the
encryption key used by the device.
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5383.html
Clean cherry-pick from upstream, compile tested.
Stephan Mueller (1):
crypto: ecdh - add public key verification test
crypto/ecc.c | 42 ++++++++++++++++++++++++++++++++++++++----
crypto/ecc_curve_defs.h | 22 ++++++++++++++++++----
2 files changed, 56 insertions(+), 8 deletions(-)
--
2.7.4
More information about the kernel-team
mailing list