[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2022-26878: Memory leak in Linux VirtIO Bluetooth driver
From: Sönke_Huster <soenke.huster () eknoes ! de>
Date: 2022-03-11 11:16:35
Message-ID: de937be5-35ed-af7b-b20a-a1150c700fa1 () eknoes ! de
[Download RAW message or body]
Hi oss-security,
A memory leak in the VirtIO Bluetooth driver for Linux, which is included since v5.13,
allows an attacker with access to the VirtIO counterpart of the driver
to create a DoS by sending invalid frames to the drivers interface.
Therefore, the driver must be in use.
This is fixed in 1d0688421449 [1], which was backported and thus
fixed in v5.16.3 [2] and v5.15.17 [3].
CVE-2022-26878 was assigned by MITRE.
Best,
Sönke
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1d0688421449718c6c5f46e458a378c9b530ba18
[2] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3
[3] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.17
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic