Date: Tue, 10 Apr 2018 05:15:38 -0400 (EDT)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-13220 / Android A-63527053: Linux kernel: Possible
 out-of-bound access in Bluetooth subsystem

Hello,

There was a flaw, CVE-2017-13220 / Android A-63527053, reported in the Android
security bulletin with not many public details:

https://source.android.com/security/bulletin/pixel/2018-01-01#kernel-components

Per discussion with an Android security developer, this flaw is related to
upstream commit 51bda2bca53b ("Bluetooth: hidp_connection_add() unsafe
use of l2cap_pi()").

Red Hat is handling this flaw in:

https://bugzilla.redhat.com/show_bug.cgi?id=1536155

I believe the other distributions may want to update the related bug pages
with the info above:

https://bugzilla.suse.com/show_bug.cgi?id=1076537
https://security-tracker.debian.org/tracker/CVE-2017-13220
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
