A flaw was found in the kernels implementation of the bluetooth HIDP (Human Interface Device Protocol). A local attacker with access permissions to the bluetooth device can issue an IOCTL which will trigger the do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c.c. This function can potentially leak potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not correctly NULL terminated. Reference: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.15 Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1616a5ac99ede5d605047a9012481ce7ff18b16 https://github.com/torvalds/linux/commit/a1616a5ac99ede5d605047a9012481ce7ff18b16
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1709838]
This flaw is rated as a Moderate as it requires the local attacker to have permissions to the bluetooth devices and also is an infoleak with no privilege escalation known at this time.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3309
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11884
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0740 https://access.redhat.com/errata/RHSA-2020:0740
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1016 https://access.redhat.com/errata/RHSA-2020:1016
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1070 https://access.redhat.com/errata/RHSA-2020:1070