retired/CVE-2022-42896


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

Description: Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
References:
 https://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4
 https://www.openwall.com/lists/oss-security/2022/12/14/7
Notes:
 carnil> for 6.0.y fixed in 6.0.8.
 bwh> The Google advisory lists two commits; the second was backported in
 bwh> 6.0.10.
Bugs:
upstream: released (6.1-rc4) [711f8c3fb3db61897080468586b970c87c61d9e4, f937b758a188d6fd328a81367087eddbb2fce50f]
5.10-upstream-stable: released (5.10.154) [6b6f94fb9a74dd2891f11de4e638c6202bc89476), releaed (5.10.156) [bd487932408d462ed86b10833da35c61f618f62f]
4.19-upstream-stable: released (4.19.268) [a2045d57e844864605d39e6cfd2237861d800f13), released (4.19.267) [fbe7cb8400700ddbd1a631c3a8b66604a6d0f479]
sid: released (6.0.7-1) [bugfix/all/Bluetooth-L2CAP-Fix-accepting-connection-request-for.patch], released (6.0.10-1)
5.10-bullseye-security: released (5.10.158-1)
4.19-buster-security: released (4.19.269-1)