mbox series

[SRU,Bionic/Focal/OEM-5.14/Jammy/HWE-5.17/Kinetic,0/1] CVE-2022-45934

Message ID 20221210032110.111051-1-cengiz.can@canonical.com
Headers show
Series CVE-2022-45934 | expand

Message

Cengiz Can Dec. 10, 2022, 3:21 a.m. UTC 
[Impact]
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in
net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.

[Fix]
Picked from upstream. Clean cherry picks to all.

[Test case]
Compile, boot and basic functionality tested with l2test.

[Potential regression]
Low. Fix only adds an overflow check.

Sungwoo Kim (1):
  Bluetooth: L2CAP: Fix u8 overflow

 net/bluetooth/l2cap_core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Tim Gardner Dec. 12, 2022, 1:20 p.m. UTC | #1 
On 12/9/22 8:21 PM, Cengiz Can wrote:
> [Impact]
> An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in
> net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
> 
> [Fix]
> Picked from upstream. Clean cherry picks to all.
> 
> [Test case]
> Compile, boot and basic functionality tested with l2test.
> 
> [Potential regression]
> Low. Fix only adds an overflow check.
> 
> Sungwoo Kim (1):
>    Bluetooth: L2CAP: Fix u8 overflow
> 
>   net/bluetooth/l2cap_core.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Timo Aaltonen Dec. 14, 2022, 9:55 a.m. UTC | #2 
Cengiz Can kirjoitti 10.12.2022 klo 5.21:
> [Impact]
> An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in
> net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
> 
> [Fix]
> Picked from upstream. Clean cherry picks to all.
> 
> [Test case]
> Compile, boot and basic functionality tested with l2test.
> 
> [Potential regression]
> Low. Fix only adds an overflow check.
> 
> Sungwoo Kim (1):
>    Bluetooth: L2CAP: Fix u8 overflow
> 
>   net/bluetooth/l2cap_core.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 

applied to oem-5.14, thanks
Thadeu Lima de Souza Cascardo Dec. 15, 2022, 2:06 p.m. UTC | #3 
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Stefan Bader Dec. 16, 2022, 2:31 p.m. UTC | #4 
On 10.12.22 04:21, Cengiz Can wrote:
> [Impact]
> An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in
> net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
> 
> [Fix]
> Picked from upstream. Clean cherry picks to all.
> 
> [Test case]
> Compile, boot and basic functionality tested with l2test.
> 
> [Potential regression]
> Low. Fix only adds an overflow check.
> 
> Sungwoo Kim (1):
>    Bluetooth: L2CAP: Fix u8 overflow
> 
>   net/bluetooth/l2cap_core.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 

Applied to jammy,focal:linux/master-next and jammy:linux-hwe-5.17/hwe-5.17-next. 
Thanks.

-Stefan
Luke Nowakowski-Krijger Jan. 5, 2023, 3:46 a.m. UTC | #5 
Applied to bionic and kinetic linux master-next

Thanks,
- Luke

On Fri, Dec 9, 2022 at 7:21 PM Cengiz Can <cengiz.can@canonical.com> wrote:

> [Impact]
> An issue was discovered in the Linux kernel through 6.0.10.
> l2cap_config_req in
> net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ
> packets.
>
> [Fix]
> Picked from upstream. Clean cherry picks to all.
>
> [Test case]
> Compile, boot and basic functionality tested with l2test.
>
> [Potential regression]
> Low. Fix only adds an overflow check.
>
> Sungwoo Kim (1):
>   Bluetooth: L2CAP: Fix u8 overflow
>
>  net/bluetooth/l2cap_core.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> --
> 2.37.2
>
>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>