[SRU OEM-5.14/Jammy/HWE-5.17/Kinetic 0/2] CVE-2022-42896
Cengiz Can
cengiz.can at canonical.com
Fri Dec 2 18:10:14 UTC 2022
[Impact]
There are use-after-free vulnerabilities in the Linux kernel’s net/bluetooth/
l2cap_core.c’s l2cap_connect and l2cap_le_connect_req functions which may allow
code execution and leaking kernel memory (respectively) remotely via Bluetooth.
A remote attacker could execute code leaking kernel memory via Bluetooth if
within proximity of the victim.
[Fix]
Clean cherry picks from upstream. Note that the 2nd patch in the series was
not exactly tagged as a fix but was suggested as a complementary fix by
https://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4
[Test case]
Compile, boot and basic functionality tested. There are two public PoCs
but neither produces understandable results.
[Potential regression]
Low. Patches only add validation checks.
Luiz Augusto von Dentz (2):
Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
net/bluetooth/l2cap_core.c | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
--
2.37.2
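Added example (not part of this SRU mail, the upstream patches, or the kernel's l2cap_core.c): a small user-space C model of the hardening pattern the two patch titles point at, i.e. validate an LE Credit Based Connection Request (SPSM, source CID, MTU, MPS) before any lookup keyed by PSM, and never let a by-PSM lookup return a slot that has no PSM. The PDU layout and value ranges are taken from the Bluetooth Core specification; the listener table, the names lookup_listener and parse_le_conn_req, and the sample PDUs are constructed for this illustration and do not describe what the upstream diff actually changes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Wire layout of an L2CAP signaling PDU carrying an LE Credit Based
 * Connection Request (Bluetooth Core spec):
 *   code(1)=0x14  identifier(1)  length(2, LE)=10
 *   LE_PSM(2)  source_CID(2)  MTU(2)  MPS(2)  initial_credits(2)
 * All multi-byte fields are little-endian. */
#define L2CAP_LE_CONN_REQ       0x14
#define L2CAP_SIG_HDR_LEN       4
#define L2CAP_LE_CONN_REQ_LEN   10

/* Spec value ranges; anything outside is rejected before any channel lookup. */
#define LE_PSM_MIN      0x0001  /* 0x0001-0x007F fixed, 0x0080-0x00FF dynamic */
#define LE_PSM_MAX      0x00FF
#define LE_CID_DYN_MIN  0x0040  /* LE dynamically allocated CIDs */
#define LE_CID_DYN_MAX  0x007F
#define LE_MTU_MIN      23
#define LE_MPS_MIN      23
#define LE_MPS_MAX      65533

enum le_conn_status {
    LE_CONN_OK = 0,
    LE_CONN_TRUNCATED,   /* buffer shorter than the header requires */
    LE_CONN_BAD_CODE,    /* not an LE connection request */
    LE_CONN_BAD_LENGTH,  /* length field != 10 */
    LE_CONN_BAD_PSM,     /* SPSM outside 0x0001-0x00FF (includes 0) */
    LE_CONN_BAD_SCID,    /* source CID outside the LE dynamic range */
    LE_CONN_BAD_PARAMS   /* MTU/MPS outside spec limits */
};

struct le_conn_req { uint16_t psm, scid, mtu, mps, credits; };

static uint16_t rd_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Parse and validate a request; on LE_CONN_OK *out holds the decoded fields. */
enum le_conn_status parse_le_conn_req(const uint8_t *buf, size_t len,
                                      struct le_conn_req *out)
{
    if (len < L2CAP_SIG_HDR_LEN)
        return LE_CONN_TRUNCATED;
    if (buf[0] != L2CAP_LE_CONN_REQ)
        return LE_CONN_BAD_CODE;
    if (rd_le16(buf + 2) != L2CAP_LE_CONN_REQ_LEN)
        return LE_CONN_BAD_LENGTH;
    if (len < L2CAP_SIG_HDR_LEN + L2CAP_LE_CONN_REQ_LEN)
        return LE_CONN_TRUNCATED;

    const uint8_t *p = buf + L2CAP_SIG_HDR_LEN;
    out->psm     = rd_le16(p);
    out->scid    = rd_le16(p + 2);
    out->mtu     = rd_le16(p + 4);
    out->mps     = rd_le16(p + 6);
    out->credits = rd_le16(p + 8);

    /* Range-check every field before anyone searches by PSM: a zero SPSM in
     * particular must never be used as a lookup key. */
    if (out->psm < LE_PSM_MIN || out->psm > LE_PSM_MAX)
        return LE_CONN_BAD_PSM;
    if (out->scid < LE_CID_DYN_MIN || out->scid > LE_CID_DYN_MAX)
        return LE_CONN_BAD_SCID;
    if (out->mtu < LE_MTU_MIN || out->mps < LE_MPS_MIN || out->mps > LE_MPS_MAX)
        return LE_CONN_BAD_PARAMS;
    return LE_CONN_OK;
}

/* Hypothetical listener table for this demo only: psm 0 marks a slot that has
 * no PSM at all (a fixed channel), which a by-PSM lookup must never return. */
struct listener { uint16_t psm; const char *name; };
static const struct listener listeners[] = {
    { 0x0000, "fixed-channel (no PSM)" },
    { 0x0080, "demo-service" },
};

/* Second layer of defence: even if a caller skipped validation, PSM-less
 * slots are never candidates. Returns the listener name or NULL. */
const char *lookup_listener(const struct le_conn_req *req)
{
    for (size_t i = 0; i < sizeof listeners / sizeof listeners[0]; i++) {
        if (listeners[i].psm == 0)
            continue;
        if (listeners[i].psm == req->psm)
            return listeners[i].name;
    }
    return NULL;
}

/* Constructed sample PDUs (not captured traffic). */
static const uint8_t sample_valid[] = {
    0x14, 0x01, 0x0a, 0x00,   /* code, id, length=10 */
    0x80, 0x00,               /* SPSM 0x0080 */
    0x40, 0x00,               /* SCID 0x0040 */
    0xf0, 0x00, 0xf0, 0x00,   /* MTU 240, MPS 240 */
    0x10, 0x00                /* credits 16 */
};
static const uint8_t sample_psm_zero[] = {   /* SPSM 0x0000 */
    0x14, 0x02, 0x0a, 0x00, 0x00, 0x00, 0x40, 0x00,
    0xf0, 0x00, 0xf0, 0x00, 0x10, 0x00
};
static const uint8_t sample_psm_high[] = {   /* SPSM 0x0100 */
    0x14, 0x03, 0x0a, 0x00, 0x00, 0x01, 0x40, 0x00,
    0xf0, 0x00, 0xf0, 0x00, 0x10, 0x00
};

int main(void)
{
    const uint8_t *pdus[] = { sample_valid, sample_psm_zero, sample_psm_high };
    for (size_t i = 0; i < 3; i++) {
        struct le_conn_req req;
        enum le_conn_status st = parse_le_conn_req(pdus[i], 14, &req);
        const char *who = (st == LE_CONN_OK) ? lookup_listener(&req) : NULL;
        printf("pdu %zu: status %d listener %s\n", i, (int)st, who ? who : "(none)");
    }
    return 0;
}
```

The point of the two layers is ordering: the request is fully decoded and bounds-checked first, and only a request that passed is ever used as a key into the listener table, which itself refuses to hand back a PSM-less entry. Whether the kernel's own checks look exactly like this is not something this mail states; the example only shows the shape of "validation-only" patches of the kind the [Potential regression] section describes.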