APPLIED: [PATCH] [SRU][B/master] CVE-2018-5383: Bluetooth info leak
Khaled Elmously
khalid.elmously at canonical.com
Tue Jul 23 05:19:45 UTC 2019
On 2019-07-17 11:02:41 , Paolo Pisati wrote:
> Bluetooth firmware or operating system software drivers may not sufficiently
> validate elliptic curve parameters used to generate public keys during a
> Diffie-Hellman key exchange, which may allow a remote attacker to obtain the
> encryption key used by the device.
>
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5383.html
>
> Clean cherry-pick from upstream, compile tested.
>
> Stephan Mueller (1):
> crypto: ecdh - add public key verification test
>
> crypto/ecc.c | 42 ++++++++++++++++++++++++++++++++++++++----
> crypto/ecc_curve_defs.h | 22 ++++++++++++++++++----
> 2 files changed, 56 insertions(+), 8 deletions(-)
>
> --
> 2.7.4
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list