
Revision history

initial version

posted 2018-03-06 09:15:28 +0200

bnep_add_connection() should verify that it's dealing with l2cap socket in kernel-bluetooth CVE-2017-15868

The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application. Score: 7.8 (high, local)

An upstream patch is available and is equal to the kernel-3.2 backport.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/bluetooth/bnep/core.c, lines 565-569

So the patch should look like:

@@ -560,6 +560,9 @@ int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock)

    BT_DBG("");

+   if (!l2cap_is_socket(sock))
+       return -EBADFD;
+
    baswap((void *) dst, &bt_sk(sock->sk)->dst);
    baswap((void *) src, &bt_sk(sock->sk)->src);

{bnep,cmtp}_add_connection() should verify that it's dealing with l2cap socket in kernel-bluetooth CVE-2017-15868

The bnep_add_connection and cmtp_add_connection functions in net/bluetooth/bnep/core.c and net/bluetooth/cmtp/core.c in the Linux kernel before 3.19 do not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application. Score: 7.8 (high, local)

Upstream patches [1] [2] are available and are equal to the kernel-3.2 backports [1] [2].

Files affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/bluetooth/bnep/core.c, lines 565-569

kernel-adaptation-sbj-3.4.108.20161101.1/net/bluetooth/cmtp/core.c, lines 335-340

So the patch should look like:

bnep:

@@ -560,6 +560,9 @@ int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock)

    BT_DBG("");

+   if (!l2cap_is_socket(sock))
+       return -EBADFD;
+
    baswap((void *) dst, &bt_sk(sock->sk)->dst);
    baswap((void *) src, &bt_sk(sock->sk)->src);
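Review bot: the check is placed correctly, before the first `bt_sk(sock->sk)` dereference in the two `baswap()` calls, and nothing between the function entry and the `BT_DBG("")` context line touches `sock`, so a socket that is not L2CAP is rejected before any field of the wrong structure is read. Two things to confirm when applying this to the 3.4.108 tree: that `l2cap_is_socket()` is declared in this tree's L2CAP header (the post says the change equals the kernel-3.2 backport, so it should be), and that the inserted lines are re-indented with tabs like the surrounding kernel code, because the whitespace shown here has been flattened to spaces. The hunk header says line 560 while the post cites lines 565-569; locate the insertion point by the `BT_DBG("")` / `baswap()` context rather than by line number.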

cmtp:

@@ -334,6 +334,9 @@ int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)

BT_DBG("");

+   if (!l2cap_is_socket(sock))
+       return -EBADFD;
+
session = kzalloc(sizeof(struct cmtp_session), GFP_KERNEL);
if (!session)
    return -ENOMEM;
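Review bot: putting the check above `kzalloc()` is what keeps the early return leak-free: `session` has not been allocated when `-EBADFD` is returned, so no `kfree()` is needed on that path, which is why the check belongs before the allocation rather than after it. One thing to fix in the post itself: the context lines of this hunk (`BT_DBG("");`, `session = kzalloc(...)`, `if (!session)`) lost their leading indentation, unlike the bnep hunk above, so the hunk as shown will not apply cleanly with `patch`; regenerate it with `diff -u` against the real file or re-indent the context to match `cmtp_add_connection()`. The return value matches the bnep hunk, so both backports fail the same way for a wrong socket type.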
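What the two hunks guard against, shown as an added user-space model that is not code from the kernel or from this post: every structure here, the `inet_sock_ops` table and the sample addresses are constructed stand-ins, and `l2cap_is_socket()` is reproduced only in shape (comparing the socket's ops-table pointer). It shows why the fix checks the ops table before the `bt_sk()` downcast, and that a foreign or missing socket is turned away with `-EBADFD` before any field of the wrong structure is read.

```c
/* Added example, not code from the kernel or from the post: a user-space
 * model of the socket-type check that the CVE-2017-15868 fix adds.
 * Names (struct socket, proto_ops, l2cap_is_socket, bt_sk) mirror the
 * kernel's, but every structure here is a simplified stand-in. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#ifndef AF_BLUETOOTH
#define AF_BLUETOOTH 31          /* Linux value; defined here for portability */
#endif
#ifndef EBADFD
#define EBADFD 77                /* Linux-specific errno used by the fix */
#endif

typedef struct { unsigned char b[6]; } bdaddr_t;

struct proto_ops { const char *name; };            /* stand-in ops table */
struct sock      { int family; };                  /* protocol-agnostic part */
struct bt_sock   { struct sock sk; bdaddr_t src; bdaddr_t dst; }; /* what bt_sk() assumes */
struct socket    { const struct proto_ops *ops; struct sock *sk; };
struct connadd_req { bdaddr_t dst; bdaddr_t src; };

/* One ops table per socket type; their addresses act as the type tag. */
static const struct proto_ops l2cap_sock_ops = { "l2cap" };
static const struct proto_ops inet_sock_ops  = { "inet" };  /* constructed foreign type */

/* Same shape as the kernel helper: identity of the ops table, not the
 * address family, is what proves sock->sk really is a struct bt_sock. */
static bool l2cap_is_socket(const struct socket *sock)
{
    return sock != NULL && sock->ops == &l2cap_sock_ops;
}

/* The downcast the kernel performs; only valid after l2cap_is_socket(). */
static struct bt_sock *bt_sk(struct sock *sk)
{
    return (struct bt_sock *)sk;
}

/* Fixed form of {bnep,cmtp}_add_connection(): the type check is the first
 * thing that touches sock, so the downcast below never sees a foreign sk. */
static int add_connection_fixed(struct connadd_req *req, struct socket *sock)
{
    if (!l2cap_is_socket(sock))
        return -EBADFD;
    req->dst = bt_sk(sock->sk)->dst;
    req->src = bt_sk(sock->sk)->src;
    return 0;
}

/* Constructed sample addresses. */
static const bdaddr_t sample_src = { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 } };
static const bdaddr_t sample_dst = { { 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff } };

/* A genuine L2CAP socket is accepted and its addresses copied: returns 0. */
int demo_l2cap_socket(void)
{
    struct bt_sock bt = { .sk = { AF_BLUETOOTH }, .src = sample_src, .dst = sample_dst };
    struct socket sock = { &l2cap_sock_ops, &bt.sk };
    struct connadd_req req;
    memset(&req, 0, sizeof req);
    int rc = add_connection_fixed(&req, &sock);
    if (rc != 0)
        return rc;
    if (memcmp(&req.dst, &sample_dst, sizeof sample_dst) != 0 ||
        memcmp(&req.src, &sample_src, sizeof sample_src) != 0)
        return -1;
    return 0;
}

/* A socket of another type carries only a plain struct sock; without the
 * check, bt_sk() would read address fields that do not exist. Returns -EBADFD. */
int demo_foreign_socket(void)
{
    struct sock plain = { AF_INET };
    struct socket sock = { &inet_sock_ops, &plain };
    struct connadd_req req;
    memset(&req, 0, sizeof req);
    return add_connection_fixed(&req, &sock);
}

/* A missing socket is rejected the same way. Returns -EBADFD. */
int demo_null_socket(void)
{
    struct connadd_req req;
    memset(&req, 0, sizeof req);
    return add_connection_fixed(&req, NULL);
}

int main(void)
{
    printf("l2cap socket:   %d\n", demo_l2cap_socket());
    printf("foreign socket: %d (expect %d)\n", demo_foreign_socket(), -EBADFD);
    printf("NULL socket:    %d (expect %d)\n", demo_null_socket(), -EBADFD);
    return 0;
}
```

The point of comparing the ops-table pointer rather than, say, the address family is that the ops table is what the kernel dispatches through for that socket type, so its identity is the one tag that guarantees the `sk` behind it has the layout the downcast assumes.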