Date: Tue, 10 Apr 2018 05:15:38 -0400 (EDT)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-13220 / Android A-63527053: Linux kernel: Possible out-of-bound access in Bluetooth subsystem

Hello,

There was a flaw CVE-2017-13220 / Android A-63527053 reported in Android security bulletin with not much of public details:

https://source.android.com/security/bulletin/pixel/2018-01-01#kernel-components

Per discussion with Android security developer this flaw is related to an upstream commit 51bda2bca53b ("Bluetooth: hidp_connection_add() unsafe use of l2cap_pi()").

Red Hat is handling this flaw in:

https://bugzilla.redhat.com/show_bug.cgi?id=1536155

I believe the other distributions may want to update the related bug pages with the info above:

https://bugzilla.suse.com/show_bug.cgi?id=1076537
https://security-tracker.debian.org/tracker/CVE-2017-13220
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer