APPLIED: [SRU][F][PATCH 0/1] CVE-2024-24860

[Stefan Bader]

On 09.07.24 20:44, Yuxuan Luo wrote:
> [Impact]
> A race condition is found in net/bluetooth subsystem during a key
> setting session due to atomicity violation. This data race can lead to
> unexpected data inconsistency, harming user system's data integrity.
> 
> [Backport]
> Although the break commit is not included in the tree, we believe that
> the race condition has long existed since the introduction of
> le_min_key_size_write() and le_max_key_size_write() which were later
> renamed to {min,max}_key_size_set(). Therefore, I manually applied the
> fix made for hci_debugfs.c to smp.c since 18f81241b74f ("Bluetooth: Move
> {min,max}_key_size debugfs into hci_debugfs_create_le") is yet to be
> introduced.
> 
> [Test]
> Compiled only.
> 
> [Where things could go wrong]
> Bluetooth system may produce unexpected behaviour when pairing if
> a regression occurs.
> 
> Gui-Dong Han (1):
>    Bluetooth: Fix atomicity violation in {min,max}_key_size_set
> 
>   net/bluetooth/smp.c | 12 ++++++++++--
>   1 file changed, 10 insertions(+), 2 deletions(-)
> 

Applied to focal:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240719/cc11d799/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240719/cc11d799/attachment-0001.sig>