ACK: [SRU OEM-5.14, HWE-5.17 0/1] CVE-2022-20566
Tim Gardner
tim.gardner at canonical.com
Fri Feb 3 13:46:50 UTC 2023
On 2/1/23 3:23 PM, Cengiz Can wrote:
> [Impact]
> In l2cap_chan_put of l2cap_core, there is a possible use after free due to
> improper locking. This could lead to local escalation of privilege with no
> additional execution privileges needed. User interaction is not needed for
> exploitation.
>
> [Fix]
> Clean cherry pick from upstream.
>
> [Test case]
> Compile, boot and basic functionality tested with l2test.
>
> [Potential regression]
> Low. Adds a function to help with null check.
>
> Luiz Augusto von Dentz (1):
> Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
>
> include/net/bluetooth/l2cap.h | 1 +
> net/bluetooth/l2cap_core.c | 61 +++++++++++++++++++++++++++--------
> 2 files changed, 49 insertions(+), 13 deletions(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list