
List:       oss-security
Subject:    [oss-security] CVE-2022-26878: Memory leak in Linux VirtIO Bluetooth driver
From:       Sönke Huster <soenke.huster () eknoes ! de>
Date:       2022-03-11 11:16:35
Message-ID: de937be5-35ed-af7b-b20a-a1150c700fa1 () eknoes ! de

Hi oss-security,

A memory leak in the VirtIO Bluetooth driver for Linux, which has been included since v5.13,
allows an attacker with access to the VirtIO counterpart of the driver
to create a DoS by sending invalid frames to the driver's interface.
Therefore, the driver must be in use.

This is fixed in 1d0688421449 [1], which was backported and thus
fixed in v5.16.3 [2] and v5.15.17 [3].

CVE-2022-26878 was assigned by MITRE.

Best,
Sönke

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1d0688421449718c6c5f46e458a378c9b530ba18
[2] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3
[3] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.17

