Bug 1663176 (CVE-2019-3459)
| Summary: | CVE-2019-3459 kernel: Heap address information leak while using L2CAP_GET_CONF_OPT | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abhgupta, acaringi, airlied, bhu, blc, brdeoliv, bskeggs, chris.snell, dbaker, dhoward, dvlasenk, fhrbata, gtiwari, hdegoede, hkrzesin, hwkernel-mgr, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jkacur, john.j5live, jokerman, jonathan, josef, jross, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, plougher, pmatouse, psampaio, rt-maint, rvrbovsk, security-response-team, steved, sthangav, trankin, williams, wmealing, yozone |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the Linux kernel's implementation of Logical Link Control and Adaptation Protocol (L2CAP), part of the Bluetooth stack. An attacker, within the range of standard Bluetooth transmissions, can create and send a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-08-06 13:21:16 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1664555, 1664556, 1664557, 1664558, 1665925, 1700506, 1700507, 1700508, 1772255, 1772256, 1772257, 1772258 | ||
| Bug Blocks: | 1663182 | ||
|
Description
Andrej Nemec
2019-01-03 11:24:43 UTC
Public via: https://seclists.org/oss-sec/2019/q1/58 Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1665925] Hi Wade/Andrej, Seems patch for this https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/ Not yet made it to upstream ? Can you confirm ? Gopal.. (In reply to gopal krishna tiwari from comment #8) > Hi Wade/Andrej, > > Seems patch for this > > https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/ > > Not yet made it to upstream ? Can you confirm ? > > Gopal.. Hi Gopal, This seems to be the relevant upstream patch link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c9cbd0b5e38a1672fcd137894ace3b042dfbf69 (In reply to Andrej Nemec from comment #9) > (In reply to gopal krishna tiwari from comment #8) > > Hi Wade/Andrej, > > > > Seems patch for this > > > > https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/ > > > > Not yet made it to upstream ? Can you confirm ? > > > > Gopal.. > > Hi Gopal, > > This seems to be the relevant upstream patch link: > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ > ?id=7c9cbd0b5e38a1672fcd137894ace3b042dfbf69 Sure, Thanks. Will post this patch soon. Gopal (In reply to Andrej Nemec from comment #9) > (In reply to gopal krishna tiwari from comment #8) > > Hi Wade/Andrej, > > > > Seems patch for this > > > > https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/ > > > > Not yet made it to upstream ? Can you confirm ? > > > > Gopal.. > > Hi Gopal, > > This seems to be the relevant upstream patch link: > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ > ?id=7c9cbd0b5e38a1672fcd137894ace3b042dfbf69 AFIU this patch fixes both CVE-2019-3459 & CVE-2019-3460 ? Gopal (In reply to gopal krishna tiwari from comment #11) > (In reply to Andrej Nemec from comment #9) > > (In reply to gopal krishna tiwari from comment #8) > > > Hi Wade/Andrej, > > > > > > Seems patch for this > > > > > > https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/ > > > > > > Not yet made it to upstream ? Can you confirm ? > > > > > > Gopal.. > > > > Hi Gopal, > > > > This seems to be the relevant upstream patch link: > > > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ > > ?id=7c9cbd0b5e38a1672fcd137894ace3b042dfbf69 > > AFIU this patch fixes both CVE-2019-3459 & CVE-2019-3460 ? > > Gopal Hello Gopal, Yes, this patch addresses both vulnerable functions L2CAP_GET_CONF_OPT (CVE-2019-3459) and L2CAP_PARSE_CONF_RSP (CVE-2019-3460). This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-3459 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3309 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0740 https://access.redhat.com/errata/RHSA-2020:0740 |