[SRU][X/master][pull-req] CVE-2018-5383: Bluetooth info leak
Paolo Pisati
paolo.pisati at canonical.com
Wed Jul 17 14:21:15 UTC 2019
Bluetooth firmware or operating system software drivers may not sufficiently
validate elliptic curve parameters used to generate public keys during a
Diffie-Hellman key exchange, which may allow a remote attacker to obtain the
encryption key used by the device.

https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5383.html

According to Intel, linux-4.4.y is affected, but backporting the upstream fix
was not feasible (net/bluetooth/ecc.c, which is shipped in 4.4, has a different
provenance than crypto/ecc.c, which is the recent upstream implementation).

Linux 4.12+ completely removed net/bluetooth/ecc.c and replaced it with the
crypto module ecdh (the one that received the CVE fix upstream), and this is a
backport of that crypto module (plus all the necessary commits to make the
backport apply cleanly), and the actual CVE fix.

The result is a clean cherry-pick from upstream (with some mechanical
modification), tested on a Xenial amd64 box, successfully connecting it via
Bluetooth to several devices (audio, hid, mobile) and exchanging different data
streams (audio, files, etc).

The following changes since commit 3693aaff5f5b24a250ecb936f320d0a5849bf62b:

  UBUNTU: Ubuntu-4.4.0-143.169 (2019-02-06 10:39:59 +0000)

are available in the git repository at:

  git://git.launchpad.net/~p-pisati/ubuntu/+source/linux 7a716e4ece23d2d9f86aa58d45500df7429fd2b3

for you to fetch changes up to 7a716e4ece23d2d9f86aa58d45500df7429fd2b3:

  crypto: ecdh - add public key verification test (2019-07-17 13:52:51 +0000)

----------------------------------------------------------------
Paolo Pisati (1):
      UBUNTU: [Config] CRYPTO_ECDH=m

Pierre (1):
      crypto: ecc - Fix NULL pointer deref. on no default_rng

Salvatore Benedetto (4):
      crypto: kpp - Key-agreement Protocol Primitives API (KPP)
      crypto: dh - Add DH software implementation
      crypto: ecdh - Add ECDH software support
      Bluetooth: convert smp and selftest to crypto kpp API

Stephan Mueller (2):
      crypto: doc - add KPP documentation
      crypto: ecdh - add public key verification test

Stephen Rothwell (1):
      crypto: ecdh - make ecdh_shared_secret unique

Tudor-Dan Ambarus (5):
      crypto: kpp, (ec)dh - fix typos
      crypto: ecc - remove unused function arguments
      crypto: ecc - remove unnecessary casts
      crypto: ecc - rename ecdh_make_pub_key()
      crypto: ecdh - add privkey generation support

Documentation/crypto/api-kpp.rst | 92 +++
crypto/Kconfig | 24 +
crypto/Makefile | 10 +
crypto/crypto_user.c | 20 +
crypto/dh.c | 189 +++++
crypto/dh_helper.c | 95 +++
crypto/ecc.c | 1104 +++++++++++++++++++++++++++++
crypto/ecc.h | 92 +++
crypto/ecc_curve_defs.h | 71 ++
crypto/ecdh.c | 153 ++++
crypto/ecdh_helper.c | 86 +++
crypto/kpp.c | 123 ++++
crypto/testmgr.c | 154 ++++
crypto/testmgr.h | 323 +++++++++
debian.master/config/config.common.ubuntu | 3 +
include/crypto/dh.h | 87 +++
include/crypto/ecdh.h | 88 +++
include/crypto/internal/kpp.h | 64 ++
include/crypto/kpp.h | 339 +++++++++
include/linux/crypto.h | 1 +
include/uapi/linux/cryptouser.h | 5 +
net/bluetooth/Kconfig | 1 +
net/bluetooth/Makefile | 2 +-
net/bluetooth/ecc.c | 816 ---------------------
net/bluetooth/ecc.h | 54 --
net/bluetooth/ecdh_helper.c | 223 ++++++
net/bluetooth/ecdh_helper.h | 27 +
net/bluetooth/selftest.c | 6 +-
net/bluetooth/smp.c | 8 +-
29 files changed, 3382 insertions(+), 878 deletions(-)
create mode 100644 Documentation/crypto/api-kpp.rst
create mode 100644 crypto/dh.c
create mode 100644 crypto/dh_helper.c
create mode 100644 crypto/ecc.c
create mode 100644 crypto/ecc.h
create mode 100644 crypto/ecc_curve_defs.h
create mode 100644 crypto/ecdh.c
create mode 100644 crypto/ecdh_helper.c
create mode 100644 crypto/kpp.c
create mode 100644 include/crypto/dh.h
create mode 100644 include/crypto/ecdh.h
create mode 100644 include/crypto/internal/kpp.h
create mode 100644 include/crypto/kpp.h
delete mode 100644 net/bluetooth/ecc.c
delete mode 100644 net/bluetooth/ecc.h
create mode 100644 net/bluetooth/ecdh_helper.c
create mode 100644 net/bluetooth/ecdh_helper.h
--
bye,
p.
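
The kind of check the CVE description says was missing, validating a peer's public key before an ECDH shared secret is derived from it, shown as an added example that is not part of the original message or of the kernel patches in this pull request. It assumes NIST P-256 and a 64-byte little-endian X||Y key encoding; all function names are hypothetical.

```python
# Added illustration, not kernel code. Assumes NIST P-256: y^2 = x^3 - 3x + b (mod p).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Base point G, used below as a constructed stand-in for a well-formed peer key.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def check_public_key(x, y):
    """Return "ok", or the reason the peer's point must be rejected."""
    if x == 0 and y == 0:
        return "all-zero point"
    # Range check first: x + p satisfies the same equation mod p as x does.
    if not (0 <= x < P and 0 <= y < P):
        return "coordinate out of range"
    # Substituting into the curve equation is what ties the point to this
    # curve; without it the scalar multiplication runs on unchecked input.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        return "not on curve"
    return "ok"


def parse_xy(raw, byteorder="little"):
    """Split a raw X||Y blob (assumed 32 + 32 bytes, little-endian) into ints."""
    if len(raw) != 64:
        raise ValueError("expected 64 bytes of X||Y")
    return int.from_bytes(raw[:32], byteorder), int.from_bytes(raw[32:], byteorder)


def encode_xy(x, y, byteorder="little"):
    """Inverse of parse_xy, used here only to build the sample inputs."""
    return x.to_bytes(32, byteorder) + y.to_bytes(32, byteorder)


def accept_peer_key(raw):
    """Gate to call before any shared secret is derived from the peer's key."""
    try:
        x, y = parse_xy(raw)
    except ValueError:
        return False
    return check_public_key(x, y) == "ok"


if __name__ == "__main__":
    good = encode_xy(GX, GY)
    bad = encode_xy(GX, (GY + 1) % P)  # constructed: same x, y moved off the curve
    print(accept_peer_key(good), accept_peer_key(bad), accept_peer_key(bytes(64)))
```
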