Bug 2025034 (CVE-2021-41229)
Summary: | CVE-2021-41229 bluez: memory leak in the SDP protocol |
---|---|
Product: | [Other] Security Response |
Component: | vulnerability |
Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA |
Severity: | low |
Priority: | low |
Version: | unspecified |
CC: | bdettelb, bnocera, darcari, dwmw2, dzickus, gtiwari, hwkernel-mgr, spacewar |
Keywords: | Security |
Hardware: | All |
OS: | Linux |
Doc Type: | No Doc Update |
Last Closed: | 2022-05-11 19:16:18 UTC |
Bug Depends On: | 2025035, 2027434, 2027435 |
Bug Blocks: | 2025036 |

Description
Guilherme de Almeida Suckevicz
2021-11-19 18:27:47 UTC
Created bluez tracking bugs for this issue:

Affects: fedora-all [bug 2025035]

All versions of RHEL are affected by this flaw. This is low in impact, however, so flaw remediation will be delegated for supported releases. The flaw was caused by unfreed memory of a linked list, which led to a memory leak. This could become very large, which could result in the service crashing due to this flaw. A patch has been applied by Ubuntu for all bluez packages, and the link is provided below:

Patch: https://git.launchpad.net/ubuntu/+source/bluez/diff/debian/patches/CVE-2021-41229.patch?h=applied/ubuntu/hirsute-security

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2022:2081 https://access.redhat.com/errata/RHSA-2022:2081

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-41229