CVE-2022-26878: Memory leak in Linux VirtIO Bluetooth driver

[Sönke Huster <soenke.huster () eknoes de>]

Hi oss-security,

A memory leak in the VirtIO Bluetooth driver for Linux, which is included since v5.13,
allows an attacker with access to the VirtIO counterpart of the driver
to create a DoS by sending invalid frames to the drivers interface.
Therefore, the driver must be in use.

This is fixed in 1d0688421449 [1], which was backported and thus
fixed in v5.16.3 [2] and v5.15.17 [3].

CVE-2022-26878 was assigned by MITRE.

Best,
Sönke

[1] 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1d0688421449718c6c5f46e458a378c9b530ba18
[2] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3
[3] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.17