
[SRU,M/F,0/1] CVE-2024-26889

Message ID 20240501221556.24450-1-bethany.jamison@canonical.com
Series CVE-2024-26889

Message

Bethany Jamison May 1, 2024, 10:15 p.m. UTC
[Impact]

 In the Linux kernel, the following vulnerability has been resolved:

 Bluetooth: hci_core: Fix possible buffer overflow

 struct hci_dev_info has a fixed size name[8] field so in the event that
 hdev->name is bigger than that strcpy would attempt to write past its
 size, so this fixes this problem by switching to use strscpy.

[Fix]

Mantic:	Clean cherry-pick from linux-6.6.y
Jammy:	pending
Focal:	Mantic patch applied cleanly
Bionic:	not-affected
Xenial:	not-affected
Trusty:	not-affected

[Test Case]

Compile and boot tested.

[Where problems could occur]

This fix affects those who use Bluetooth HCI, an issue with this fix
would be visible to the user via corrupted data or unexpected system
behavior.

Luiz Augusto von Dentz (1):
  Bluetooth: hci_core: Fix possible buffer overflow

 net/bluetooth/hci_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
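
The bounded copy described in [Impact], as an added example that is not part of the original message or of the kernel patch. `struct dev_info_demo`, `strscpy_demo()`, `strcpy_overrun()`, `fill_name()` and the device names are constructed stand-ins; `strscpy_demo()` is a userspace sketch of the kernel `strscpy()` contract (always NUL-terminate, return `-E2BIG` on truncation).

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the layout in [Impact]: an 8-byte name followed
 * by another field that an unbounded copy would overwrite. */
struct dev_info_demo {
    char name[8];
    unsigned int flags;
};

/* Userspace sketch of the kernel strscpy() contract (assumption: not the
 * kernel's code): copy at most size-1 bytes, always NUL-terminate, return
 * the length copied or -E2BIG if the source was truncated. */
static long strscpy_demo(char *dst, const char *src, size_t size)
{
    size_t i;
    if (size == 0)
        return -E2BIG;
    for (i = 0; i < size - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? (long)i : -E2BIG;
}

/* Bytes strcpy() would write past name[] for this source (0 if it fits). */
static size_t strcpy_overrun(const char *src)
{
    size_t need = strlen(src) + 1;   /* strcpy also writes the NUL */
    size_t room = sizeof(((struct dev_info_demo *)0)->name);
    return need > room ? need - room : 0;
}

/* Fill the name the bounded way; the caller can detect truncation. */
static long fill_name(struct dev_info_demo *di, const char *hdev_name)
{
    return strscpy_demo(di->name, hdev_name, sizeof(di->name));
}

int main(void)
{
    struct dev_info_demo di = { "", 0xA5A5A5A5u };
    const char *names[] = { "hci0", "hci1234567" };   /* constructed */
    for (size_t k = 0; k < 2; k++)
        printf("%-10s overrun=%zu ret=%ld name=\"%s\" flags=%#x\n", names[k],
               strcpy_overrun(names[k]), fill_name(&di, names[k]),
               di.name, di.flags);
    return 0;
}
```

The neighbouring `flags` field keeps its value after the oversized name is copied, and the negative return lets a caller notice the truncation.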

Comments

Roxana Nicolescu May 24, 2024, 12:36 p.m. UTC | #1
On 02/05/2024 00:15, Bethany Jamison wrote:
> [Impact]
>
>   In the Linux kernel, the following vulnerability has been resolved:
>
>   Bluetooth: hci_core: Fix possible buffer overflow
>
>   struct hci_dev_info has a fixed size name[8] field so in the event that
>   hdev->name is bigger than that strcpy would attempt to write past its
>   size, so this fixes this problem by switching to use strscpy.
>
> [Fix]
>
> Mantic:	Clean cherry-pick from linux-6.6.y
> Jammy:	pending
> Focal:	Mantic patch applied cleanly
> Bionic:	not-affected
> Xenial:	not-affected
> Trusty:	not-affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use Bluetooth HCI, an issue with this fix
> would be visible to the user via corrupted data or unexpected system
> behavior.
>
> Luiz Augusto von Dentz (1):
>    Bluetooth: hci_core: Fix possible buffer overflow
>
>   net/bluetooth/hci_core.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>

Tim Gardner May 24, 2024, 1:34 p.m. UTC | #2
On 5/1/24 16:15, Bethany Jamison wrote:
> [Impact]
> 
>   In the Linux kernel, the following vulnerability has been resolved:
> 
>   Bluetooth: hci_core: Fix possible buffer overflow
> 
>   struct hci_dev_info has a fixed size name[8] field so in the event that
>   hdev->name is bigger than that strcpy would attempt to write past its
>   size, so this fixes this problem by switching to use strscpy.
> 
> [Fix]
> 
> Mantic:	Clean cherry-pick from linux-6.6.y
> Jammy:	pending
> Focal:	Mantic patch applied cleanly
> Bionic:	not-affected
> Xenial:	not-affected
> Trusty:	not-affected
> 
> [Test Case]
> 
> Compile and boot tested.
> 
> [Where problems could occur]
> 
> This fix affects those who use Bluetooth HCI, an issue with this fix
> would be visible to the user via corrupted data or unexpected system
> behavior.
> 
> Luiz Augusto von Dentz (1):
>    Bluetooth: hci_core: Fix possible buffer overflow
> 
>   net/bluetooth/hci_core.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
Acked-by: Tim Gardner <tim.gardner@canonical.com>

Roxana Nicolescu May 27, 2024, 7:43 a.m. UTC | #3
On 02/05/2024 00:15, Bethany Jamison wrote:
> [Impact]
>
>   In the Linux kernel, the following vulnerability has been resolved:
>
>   Bluetooth: hci_core: Fix possible buffer overflow
>
>   struct hci_dev_info has a fixed size name[8] field so in the event that
>   hdev->name is bigger than that strcpy would attempt to write past its
>   size, so this fixes this problem by switching to use strscpy.
>
> [Fix]
>
> Mantic:	Clean cherry-pick from linux-6.6.y
> Jammy:	pending
> Focal:	Mantic patch applied cleanly
> Bionic:	not-affected
> Xenial:	not-affected
> Trusty:	not-affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use Bluetooth HCI, an issue with this fix
> would be visible to the user via corrupted data or unexpected system
> behavior.
>
> Luiz Augusto von Dentz (1):
>    Bluetooth: hci_core: Fix possible buffer overflow
>
>   net/bluetooth/hci_core.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
Applied to mantic:linux, focal:linux master-next branches. Thanks!