Description: Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability
References:
 https://bugzilla.redhat.com/show_bug.cgi?id=2017077
 https://www.zerodayinitiative.com/advisories/ZDI-21-1223/
Notes:
 carnil> It is claimed in ZDI-21-1223 that the issue got fixed in
 carnil> 5.10.42 but no references are added.
 carnil> The stable commits wrongly reference
 carnil> 8da3a0b87f4f1c3a3bbc4bfb78cf68476e97d183 as upstream commit,
 carnil> while the commit in mainline is
 carnil> 3cfdf8fcaafa62a4123f92eb0f4a72650da3a479 ?
Bugs:
upstream: released (5.14-rc1) [3cfdf8fcaafa62a4123f92eb0f4a72650da3a479]
5.10-upstream-stable: released (5.10.42) [1b364f8ede200e79e25df0df588fcedc322518fb]
4.19-upstream-stable: released (4.19.193) [f8be26b9950710fe50fb45358df5bd01ad18efb7]
4.9-upstream-stable: released (4.9.271) [77c559407276ed4a8854dafc4a5efc8608e51906]
sid: released (5.10.46-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.194-1)
4.9-stretch-security: released (4.9.272-1)