Bug 1536155 (CVE-2017-13220) - CVE-2017-13220 kernel: Possible out-of-bound access in Bluetooth subsystem
Summary: CVE-2017-13220 kernel: Possible out-of-bound access in Bluetooth subsystem
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2017-13220
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1296707 1537198
Blocks: 1536160
Reported: 2018-01-18 18:01 UTC by Laura Pardo
Modified: 2021-02-17 00:56 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bound access, and a possible memory corruption vulnerability leading to a system crash, was found in the Linux kernel in the Bluetooth subsystem. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.
Clone Of:
Environment:
Last Closed: 2018-04-10 09:18:08 UTC
Embargoed:



Description Laura Pardo 2018-01-18 18:01:37 UTC
An out-of-bound access and a possible memory corruption vulnerability leading to a system crash was found in the Linux kernel in the Bluetooth subsystem. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

Previously this vulnerability was referenced as a flaw in Android kernel with an id of A-63527053.

References:

https://source.android.com/security/bulletin/pixel/2018-01-01#kernel-components

http://seclists.org/oss-sec/2018/q2/28

An upstream fix:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a

Comment 1 Laura Pardo 2018-01-22 16:41:50 UTC
Created bluez tracking bugs for this issue:

Affects: fedora-all [bug 1537198]

Comment 5 Vladis Dronov 2018-04-10 09:18:08 UTC
Notes:

Per discussion with an Android security developer, this flaw is related to
the upstream commit 51bda2bca53b ("Bluetooth: hidp_connection_add() unsafe
use of l2cap_pi()").

