APPLIED[B]: [SRU Bionic/Focal v3 0/2] CVE-2022-42896
Luke Nowakowski-Krijger
luke.nowakowskikrijger at canonical.com
Thu Jan 5 03:51:28 UTC 2023
Applied to bionic linux master-next
Thanks!
- Luke
On Tue, Dec 6, 2022 at 5:19 AM Cengiz Can <cengiz.can at canonical.com> wrote:
> [Impact]
> There are use-after-free vulnerabilities in the Linux kernel’s
> net/bluetooth/
> l2cap_core.c’s l2cap_connect and l2cap_le_connect_req functions which may
> allow
> code execution and leaking kernel memory (respectively) remotely via
> Bluetooth.
> A remote attacker could execute code leaking kernel memory via Bluetooth if
> within proximity of the victim.
>
> [Fix]
> Actual fix is achieved by following commits:
>
> - "Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm"
> - "Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM"
>
> [Test case]
> Compile, boot and basic functionality tested. There are two public PoCs
> but neither produce understandable results. (Basic functionality test:
> l2test from bluez package, ran with USB and PCI bluetooth transceivers).
>
> [Potential regression]
> Low. Fixes only add extra checks.
>
> [Changes in v3]
> - Dropped unnecessary dependency patches.
> - (Focal only) Used L2CAP_CR_BAD_PSM instead of L2CAP_CR_LE_BAD_PSM as
> return
> value.
>
> Luiz Augusto von Dentz (2):
> Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
> Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
>
> net/bluetooth/l2cap_core.c | 15 ++++++++++++++-
> 1 file changed, 14 insertions(+), 1 deletion(-)
>
> --
> 2.37.2
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230104/e073fd6d/attachment-0001.html>
More information about the kernel-team
mailing list