[SRU][F][PATCH 0/1] CVE-2024-24860
Yuxuan Luo
yuxuan.luo at canonical.com
Tue Jul 9 18:44:07 UTC 2024
[Impact]
A race condition is found in the net/bluetooth subsystem during a key
setting session due to an atomicity violation. This data race can lead to
unexpected data inconsistency, harming the user system's data integrity.
[Backport]
Although the break commit is not included in the tree, we believe that
the race condition has long existed since the introduction of
le_min_key_size_write() and le_max_key_size_write() which were later
renamed to {min,max}_key_size_set(). Therefore, I manually applied the
fix made for hci_debugfs.c to smp.c since 18f81241b74f ("Bluetooth: Move
{min,max}_key_size debugfs into hci_debugfs_create_le") is yet to be
introduced.
[Test]
Compiled only.
[Where things could go wrong]
The Bluetooth system may produce unexpected behaviour when pairing if
a regression occurs.
Gui-Dong Han (1):
Bluetooth: Fix atomicity violation in {min,max}_key_size_set
net/bluetooth/smp.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--
2.34.1