Bug 1910048 (CVE-2020-35499)
Summary: | CVE-2020-35499 kernel: NULL pointer dereference in sco_sock_getsockopt function | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, bdettelb, bhu, blc, bmasney, brdeoliv, bskeggs, chwhite, dhoward, dvlasenk, fhrbata, hdegoede, hkrzesin, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, kmullins, lgoncalv, linville, masami256, mchehab, mlangsdo, nmurray, ptalbert, qzhao, rkeshri, rvrbovsk, security-response-team, steved, tomckay, walters, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kernel 5.11 | Doc Type: | If docs needed, set a value |
Doc Text: |
A NULL pointer dereference flaw may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-12-31 06:27:37 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1909775 |
Description
Guilherme de Almeida Suckevicz
2020-12-22 13:02:57 UTC
Statement: There was no shipped kernel version were seen affected with this problem. Mitigation: Mitigation for this issue is not available with the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-35499 |