blob: e7f1faa547626f318b6b9f0f4329a8a2d8afc275 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Description: Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2017077
https://www.zerodayinitiative.com/advisories/ZDI-21-1223/
Notes:
carnil> It is claimed in ZDI-21-1223 that the issue got fixed in
carnil> 5.10.42 but no references are added.
carnil> The stable commits wrongly reference
carnil> 8da3a0b87f4f1c3a3bbc4bfb78cf68476e97d183 as upstream commit,
carnil> while the commit in mainline is
carnil> 3cfdf8fcaafa62a4123f92eb0f4a72650da3a479 ?
Bugs:
upstream: released (5.14-rc1) [3cfdf8fcaafa62a4123f92eb0f4a72650da3a479]
5.10-upstream-stable: released (5.10.42) [1b364f8ede200e79e25df0df588fcedc322518fb]
4.19-upstream-stable: released (4.19.193) [f8be26b9950710fe50fb45358df5bd01ad18efb7]
4.9-upstream-stable: released (4.9.271) [77c559407276ed4a8854dafc4a5efc8608e51906]
sid: released (5.10.46-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.194-1)
4.9-stretch-security: released (4.9.272-1)
|
