[PATCH 0/3] CVE-2010-4242
Brad Figg
brad.figg at canonical.com
Fri Feb 11 20:35:17 UTC 2011
Following this email will be 3 patches associated with this CVE. The patches
apply cleanly to Dapper, Hardy and Karmic. Lucid, Maverick and Natty have
already received this patch as part of upstream stable commits (or just
regular upstream commits).

CVE-2010-4242

    The hci_uart_tty_open function in the HCI UART driver
    (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly
    other versions, does not verify whether the tty has a write operation,
    which allows local users to cause a denial of service (NULL pointer
    dereference) via vectors related to the Bluetooth driver.

Alan Cox (1):
  bluetooth: Fix missing NULL check, CVE-2010-4242

 drivers/bluetooth/hci_ldisc.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)
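
Added example, not part of the original message and not the patch it announces: a userspace C model of the check the CVE text says is missing, with the unchecked open beside a checked one. Every struct and function name and the choice of -EOPNOTSUPP as the error are assumptions of this model.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model only; every name below is hypothetical, not a kernel symbol. */
struct model_tty;
struct model_tty_ops {
    int (*write)(struct model_tty *tty, const unsigned char *buf, int len);
};
struct model_tty { const struct model_tty_ops *ops; int attached; };

static int serial_write(struct model_tty *tty, const unsigned char *buf, int len)
{ (void)tty; (void)buf; return len; }  /* pretend every byte was sent */

/* Constructed sample devices: one with a write op, one without. */
static const struct model_tty_ops serial_ops = { .write = serial_write };
static const struct model_tty_ops no_write_ops = { .write = NULL };

/* Before: binds to any tty, leaving a NULL write op for the transmit path. */
int ldisc_open_unchecked(struct model_tty *tty)
{ tty->attached = 1; return 0; }

/* After: refuse a tty that has no write op when the discipline is opened. */
int ldisc_open_checked(struct model_tty *tty)
{
    if (tty->ops == NULL || tty->ops->write == NULL)
        return -EOPNOTSUPP;
    tty->attached = 1;
    return 0;
}

/* Transmit path: relies on open having validated the ops table. */
int ldisc_tx(struct model_tty *tty, const unsigned char *buf, int len)
{
    return tty->attached ? tty->ops->write(tty, buf, len) : -ENOTCONN;
}

/* Open a fresh tty with the checked path and, if accepted, send 4 bytes. */
int open_send(const struct model_tty_ops *ops)
{
    struct model_tty tty = { .ops = ops, .attached = 0 };
    int rc = ldisc_open_checked(&tty);
    return rc ? rc : ldisc_tx(&tty, (const unsigned char *)"ping", 4);
}

int main(void)
{
    printf("%d %d\n", open_send(&serial_ops), open_send(&no_write_ops));
    return 0;
}
```

The unchecked open reports success for the write-less device, so the fault is deferred to the first transmit; the checked open turns it into an error return at attach time.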