Description: Bluetooth: hci_conn_cleanup function has double free
References:
https://www.openwall.com/lists/oss-security/2023/03/28/2
https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm@gmail.com/
https://lore.kernel.org/linux-bluetooth/20230330220332.1035910-1-luiz.dentz@gmail.com/
Notes:
bwh> Introduced in 6.3 by commit 0f00cd322d22 "Bluetooth: Free
bwh> potentially unfreed SCO connection" and backported to 6.1.25.
bwh> Since the fix was also backported in 6.1.25, neither sid nor
bwh> 6.1-upstream-stable was ever affected.
carnil> Upstream commit a85fb91e3d72 ("Bluetooth: Fix double free in
carnil> hci_conn_cleanup") in 6.7-rc1 and backported to 6.6.3, 6.5.13,
carnil> 6.1.64, 5.10.202 and 4.19.300 as well claim to fix the CVE.
carnil> Unclear if this is a followup fix needed to completely fix the
carnil> CVE, thus for now not considering it for tracking the fixed
carnil> version. The fix will be pulled in the next round of updates
carnil> anyway.
Bugs:
upstream: released (6.3-rc7) [5dc7d23e167e2882ef118456ceccd57873e876d8]
6.1-upstream-stable: released (6.1.25) [8c4b65f6c707bc07cbcd871667b5056821c5685d]
5.10-upstream-stable: N/A "Vulnerability introduced later"
4.19-upstream-stable: N/A "Vulnerability introduced later"
sid: N/A "Vulnerable code not present"
6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: N/A "Vulnerability introduced later"
4.19-buster-security: N/A "Vulnerability introduced later"