APPLIED[K] : [SRU OEM-5.14/Jammy/HWE-5.17/Kinetic 0/2] CVE-2022-42896
Luke Nowakowski-Krijger
luke.nowakowskikrijger at canonical.com
Thu Jan 5 03:41:25 UTC 2023
Patch "Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM"
already applied in Kinetic upstream stable patchset 2022-12-15
Other patch was applied cleanly to kinetic:linux master-next
Thanks!
- Luke
On Fri, Dec 2, 2022 at 11:21 PM Cengiz Can <cengiz.can at canonical.com> wrote:
> [Impact]
> There are use-after-free vulnerabilities in the Linux kernel’s
> net/bluetooth/l2cap_core.c’s l2cap_connect and l2cap_le_connect_req
> functions which may allow code execution and leaking kernel memory
> (respectively) remotely via Bluetooth.
> A remote attacker could execute code leaking kernel memory via Bluetooth
> if within proximity of the victim.
>
> [Fix]
> Clean cherry picks from upstream. Note that 2nd patch in the series was
> not exactly tagged as a fix but was suggested as a complementing fix by
>
> https://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4
>
> [Test case]
> Compile, boot and basic functionality tested. There are two public PoCs
> but neither produces understandable results.
>
> [Potential regression]
> Low. Patches only add validation checks.
>
> Luiz Augusto von Dentz (2):
>   Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
>   Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
>
>  net/bluetooth/l2cap_core.c | 27 ++++++++++++++++++++++++++-
>  1 file changed, 26 insertions(+), 1 deletion(-)
>
> --
> 2.37.2