APPLIED Re: [UBUNTU OEM-6.0 0/1] CVE-2022-42896
Timo Aaltonen
tjaalton at ubuntu.com
Tue Feb 7 14:31:20 UTC 2023
Thadeu Lima de Souza Cascardo kirjoitti 27.1.2023 klo 21.05:
> [Impact]
> There are use-after-free vulnerabilities in the Linux kernel net/bluetooth/
> l2cap_core.c l2cap_connect and l2cap_le_connect_req functions which may allow
> code execution and leaking kernel memory (respectively) remotely via Bluetooth.
> A remote attacker could execute code leaking kernel memory via Bluetooth if
> within proximity of the victim.
>
> [Fix]
> Two patches are necessary to fix this, but one is already applied to
> linux-oem-6.0. Other kernels already got the two fixes, when appropriate.
>
> [Potential regression]
> Bluetooth connections might fail.
>
> Luiz Augusto von Dentz (1):
> Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
>
> net/bluetooth/l2cap_core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
applied to oem-6.0, thanks
--
t
More information about the kernel-team
mailing list