oss-sec mailing list archives
CVE-2022-26878: Memory leak in Linux VirtIO Bluetooth driver
From: Sönke Huster <soenke.huster () eknoes de>
Date: Fri, 11 Mar 2022 12:16:35 +0100
Hi oss-security, A memory leak in the VirtIO Bluetooth driver for Linux, which is included since v5.13, allows an attacker with access to the VirtIO counterpart of the driver to create a DoS by sending invalid frames to the drivers interface. Therefore, the driver must be in use. This is fixed in 1d0688421449 [1], which was backported and thus fixed in v5.16.3 [2] and v5.15.17 [3]. CVE-2022-26878 was assigned by MITRE. Best, Sönke [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1d0688421449718c6c5f46e458a378c9b530ba18 [2] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3 [3] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.17
Current thread:
- CVE-2022-26878: Memory leak in Linux VirtIO Bluetooth driver Sönke Huster (Mar 11)