Message-ID: <de937be5-35ed-af7b-b20a-a1150c700fa1@eknoes.de>
Date: Fri, 11 Mar 2022 12:16:35 +0100
From: Sönke Huster <soenke.huster@...oes.de>
To: oss-security@...ts.openwall.com
Subject: CVE-2022-26878: Memory leak in Linux VirtIO Bluetooth driver

Hi oss-security,

A memory leak in the VirtIO Bluetooth driver for Linux, which has been included since v5.13,
allows an attacker with access to the VirtIO counterpart of the driver
to create a DoS by sending invalid frames to the driver's interface.
Therefore, the driver must be in use.

This is fixed in 1d0688421449 [1], which was backported and thus
fixed in v5.16.3 [2] and v5.15.17 [3].

CVE-2022-26878 was assigned by MITRE.

Best,
Sönke

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1d0688421449718c6c5f46e458a378c9b530ba18
[2] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3
[3] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.17
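
An added example, not part of the original message or the kernel project's code: a shell check that maps a kernel release string onto the affected and fixed versions given above and tests whether the driver is loaded. The module name `virtio_bt` and treating 5.17 and later as fixed are assumptions, and distribution kernels may carry the backport under an older version number.

```shell
#!/bin/sh
# Exposure check for CVE-2022-26878, built from the advisory's version data:
# affected since v5.13, fixed in v5.15.17 and v5.16.3.
# Assumptions (not stated in the advisory): the module is named "virtio_bt",
# and kernels >= 5.17 already contain the mainline fix.

# classify RELEASE -> prints one of: not-affected | affected | fixed
classify() {
    v=${1%%[!0-9.]*}                    # "5.15.16-generic" -> "5.15.16"
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    maj=${1:-0} min=${2:-0} pat=${3:-0}

    # Before v5.13 the driver does not exist.
    if [ "$maj" -lt 5 ] || { [ "$maj" -eq 5 ] && [ "$min" -lt 13 ]; }; then
        echo not-affected; return
    fi
    # Assumption: 5.17 and later include the mainline fix.
    if [ "$maj" -gt 5 ] || [ "$min" -ge 17 ]; then
        echo fixed; return
    fi
    case $min in
        15) fixed_pat=17 ;;             # v5.15.17 per the advisory
        16) fixed_pat=3 ;;              # v5.16.3 per the advisory
        *)  echo affected; return ;;    # 5.13.x / 5.14.x: no fixed release listed
    esac
    if [ "$pat" -ge "$fixed_pat" ]; then echo fixed; else echo affected; fi
}

# driver_in_use [MODULES_FILE] -> exit 0 if virtio_bt is listed as loaded.
# A driver built into the kernel image does not appear in /proc/modules.
driver_in_use() {
    grep -q '^virtio_bt ' "${1:-/proc/modules}"
}

# Report for the running system. Upstream version numbers only; a vendor
# kernel may include the fix without reaching the versions above.
status=$(classify "$(uname -r)")
if [ "$status" = affected ] && driver_in_use 2>/dev/null; then
    echo "CVE-2022-26878: kernel in affected range and virtio_bt is loaded"
else
    echo "CVE-2022-26878: kernel status = $status"
fi
```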
