blob: f4d37021ca6cd45a4f87a9f12e2eb2166286a8d5 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
Description: INTEL-SA-00435
References:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
Notes:
carnil> CVE-2020-12351, CVE-2020-12352 and CVE-2020-24490 are three
carnil> issues covered by a set of commits/patches sent upstream but
carnil> there is no clear association from the CVEs to the commits. So
carnil> duplicate this entry for now to all three CVEs.
carnil> The commits are:
carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/
carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/
carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-3-luiz.dentz@gmail.com/
carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-4-luiz.dentz@gmail.com/
carnil> which are not yet in mainline, and
carnil> a2ec905d1e16 ("Bluetooth: fix kernel oops in
carnil> store_pending_adv_report") which is in 5.8 (and which was
carnil> backported to 5.7.13, 5.4.56 and 4.19.137). This commit fixes
carnil> c215e9397b00 ("Bluetooth: Process extended ADV report event")
carnil> which is in 4.19-rc1 but not backported to other stable series.
carnil> The "fixed version" information in INTEL-SA-00435 is thus as
carnil> well contradictory as it mentions the issue to be fixed in 5.9
carnil> or later.
carnil> CVE-2020-12351 is specifically referred to f19425641cb2
carnil> ("Bluetooth: L2CAP: Fix calling sk_filter on non-socket based
carnil> channel") and is backported to 5.9.1, 5.8.16, 4.19.152, 4.9.240
carnil> (and other stable versions).
Bugs:
upstream: pending [f19425641cb2572a33cb074d5e30283720bd4d22]
4.19-upstream-stable: released (4.19.152) [360f80e34292dbe91c23e893f90cd357aff8b68a]
4.9-upstream-stable: released (4.9.240) [720369661674527c8aa999fae0e295eeea12174c]
sid: needed
4.19-buster-security: needed
4.9-stretch-security: needed
|