An out-of-bound access and a possible memory corruption vulnerability leading to a system crash was found in the Linux kernel in the Bluetooth subsystem. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

Previously this vulnerability was referenced as a flaw in the Android kernel with an id of A-63527053.

References:
https://source.android.com/security/bulletin/pixel/2018-01-01#kernel-components
http://seclists.org/oss-sec/2018/q2/28

An upstream fix:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a

Created bluez tracking bugs for this issue:

Affects: fedora-all [bug 1537198]

Notes:

Per discussion with an Android security developer, this flaw is related to the upstream commit 51bda2bca53b ("Bluetooth: hidp_connection_add() unsafe use of l2cap_pi()").