A flaw was found in the Linux kernels implementation of Logical link control and adaptation protocol (L2CAP), part of the bluetooth stack in the l2cap_parse_conf_rsp, l2cap_parse_conf_req functions. An attacker with physical access within the range of standard bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack. Upstream patch: https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/ Oss-security post: https://seclists.org/oss-sec/2019/q1/58 Mitigation: - Disabling the bluetooth hardware in the bios. - Prevent loading of the bluetooth kernel modules. - Disable the bluetooth connection by putting the system in "airport" mode.
Public via: https://seclists.org/oss-sec/2019/q1/58
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1665925]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-3460
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3309
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0740 https://access.redhat.com/errata/RHSA-2020:0740