[SRU] [T/X/B/C/D] [PATCH 0/1] CVE-2019-3460 - Heap data infoleak in multiple locations including function l2cap_parse_conf_rsp
Kai-Heng Feng
kai.heng.feng at canonical.com
Tue Feb 19 12:27:43 UTC 2019
The L2CAP config octet length other than 1, 2 and 4 will be used as a
pointer.
To avoid being tricked into a pointer, always check its length.
For Trusty, another commit is cherry-picked as a dependency. The commit
has a CVE number, but somehow it's not in the CVE Matrix. Xenial forward
doesn't need the patch.
Marcel Holtmann (1):
Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
net/bluetooth/l2cap_core.c | 77 +++++++++++++++++++++++---------------
1 file changed, 46 insertions(+), 31 deletions(-)
--
2.17.1
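
A user-space illustration of the length check described above, added here as an example; it is not the kernel patch or code from this thread. `get_opt` and `parse_mtu` are hypothetical names, the option bytes are constructed, and 672 is only a sample default MTU.

```c
#include <stdint.h>
#include <stdio.h>

#define OPT_HDR  2      /* type octet + length octet */
#define CONF_MTU 0x01   /* MTU option type */

/* Modelled on the getter named in the patch title: 1-, 2- and 4-octet values
 * are decoded; any other length yields the ADDRESS of the value bytes. */
static int get_opt(const uint8_t **p, const uint8_t *end,
                   int *type, int *olen, unsigned long *val)
{
    const uint8_t *o = *p;
    unsigned long v = 0;
    if (end - o < OPT_HDR || end - o - OPT_HDR < o[1])
        return -1;                          /* truncated option */
    *type = o[0];
    *olen = o[1];
    if (o[1] == 1 || o[1] == 2 || o[1] == 4) {
        for (int i = o[1]; i-- > 0; )       /* little-endian integer */
            v = v << 8 | o[OPT_HDR + i];
    } else {
        v = (unsigned long)(uintptr_t)&o[OPT_HDR];
    }
    *val = v;
    *p = o + OPT_HDR + o[1];
    return 0;
}

/* Returns the MTU from the options, or dflt if none is accepted.
 * check_len=1 is the hardened caller, check_len=0 the unchecked one. */
static uint16_t parse_mtu(const uint8_t *buf, size_t len, uint16_t dflt,
                          int check_len)
{
    const uint8_t *p = buf, *end = buf + len;
    int type, olen;
    unsigned long val;
    uint16_t mtu = dflt;
    while (p < end && get_opt(&p, end, &type, &olen, &val) == 0)
        if (type == CONF_MTU && (!check_len || olen == 2))
            mtu = (uint16_t)val;            /* olen != 2: val may be a pointer */
    return mtu;
}

int main(void)
{
    const uint8_t bad[] = { CONF_MTU, 3, 0xaa, 0xbb, 0xcc };  /* constructed */
    printf("unchecked 0x%04x, checked 0x%04x\n",
           (unsigned)parse_mtu(bad, sizeof bad, 672, 0),
           (unsigned)parse_mtu(bad, sizeof bad, 672, 1));
}
```

With the 3-octet MTU option, the unchecked caller stores the low 16 bits of a buffer address as the MTU, while the checked caller ignores the option and keeps the default.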