ACK: [UBUNTU OEM-6.0 0/1] CVE-2022-42896
Tim Gardner
tim.gardner at canonical.com
Sun Jan 29 15:55:04 UTC 2023
On 1/27/23 12:05, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> There are use-after-free vulnerabilities in the Linux kernel net/bluetooth/
> l2cap_core.c l2cap_connect and l2cap_le_connect_req functions which may allow
> code execution and leaking kernel memory (respectively) remotely via Bluetooth.
> A remote attacker could execute code leaking kernel memory via Bluetooth if
> within proximity of the victim.
>
> [Fix]
> Two patches are necessary to fix this, but one is already applied to
> linux-oem-6.0. Other kernels already got the two fixes, when appropriate.
>
> [Potential regression]
> Bluetooth connections might fail.
>
> Luiz Augusto von Dentz (1):
> Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
>
> net/bluetooth/l2cap_core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list