blob: c687c02553a5a831fede6b4dd750de10ee903132 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
Description: UAF in sco_send_frame function
References:
https://www.openwall.com/lists/oss-security/2021/07/22/1
https://bugzilla.suse.com/show_bug.cgi?id=1188172
https://x-lore.kernel.org/all/883dc4b7-d1a1-3d31-a5a8-8fa1791084b6@i-love.sakura.ne.jp/
Notes:
carnil> Prerequisites before the "last piece for fixing CVE-2021-3640"
carnil> are e04480920d1e ("Bluetooth: defer cleanup of resources in
carnil> hci_unregister_dev()") and 734bc5ff7831 ("Bluetooth: avoid
carnil> circular locks in sco_sock_connect"), ba316be1b6a0 ("Bluetooth:
carnil> schedule SCO timeouts with delayed_work"), 27c24fda62b6
carnil> ("Bluetooth: switch to lock_sock in SCO")
carnil> For 5.15.y fixed as well in 5.15.3
Bugs:
upstream: released (5.16-rc1) [99c23da0eed4fd20cae8243f2b51e10e66aa0951]
5.10-upstream-stable: released (5.10.80) [4dfba42604f08a505f1a1efc69ec5207ea6243de]
4.19-upstream-stable: released (4.19.218) [c1c913f797f3d2441310182ad75b7bd855a327ff]
4.9-upstream-stable: released (4.9.291) [9bbe312ebea40c9b586c2b07a0d0948ff418beca]
sid: released (5.15.3-1)
5.10-bullseye-security: needed
4.19-buster-security: needed
4.9-stretch-security: needed
|