From e4c935b98ab666d8c1894f0cc82b35ff1e3e70d3 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 12 Sep 2021 15:15:33 +0200
Subject: Update status for CVE-2021-3640

---
 active/CVE-2021-3640 | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'active/CVE-2021-3640')

diff --git a/active/CVE-2021-3640 b/active/CVE-2021-3640
index f30d01c05..b2932d4d5 100644
--- a/active/CVE-2021-3640
+++ b/active/CVE-2021-3640
@@ -2,9 +2,16 @@ Description: UAF in sco_send_frame function
 References:
  https://www.openwall.com/lists/oss-security/2021/07/22/1
  https://bugzilla.suse.com/show_bug.cgi?id=1188172
+ https://x-lore.kernel.org/all/883dc4b7-d1a1-3d31-a5a8-8fa1791084b6@i-love.sakura.ne.jp/
 Notes:
+ carnil> Prerequisites before the "last piece for fixing CVE-2021-3640"
+ carnil> are e04480920d1e ("Bluetooth: defer cleanup of resources in
+ carnil> hci_unregister_dev()") and 734bc5ff7831 ("Bluetooth: avoid
+ carnil> circular locks in sco_sock_connect"), ba316be1b6a0 ("Bluetooth:
+ carnil> schedule SCO timeouts with delayed_work"), 27c24fda62b6
+ carnil> ("Bluetooth: switch to lock_sock in SCO")
 Bugs:
-upstream:
+upstream: needed
 5.10-upstream-stable:
 4.19-upstream-stable:
 4.9-upstream-stable:
-- 
cgit v1.2.3