Date: Fri, 11 Mar 2022 12:16:35 +0100 From: Sönke Huster <soenke.huster@...oes.de> To: oss-security@...ts.openwall.com Subject: CVE-2022-26878: Memory leak in Linux VirtIO Bluetooth driver Hi oss-security, A memory leak in the VirtIO Bluetooth driver for Linux, which is included since v5.13, allows an attacker with access to the VirtIO counterpart of the driver to create a DoS by sending invalid frames to the drivers interface. Therefore, the driver must be in use. This is fixed in 1d0688421449 , which was backported and thus fixed in v5.16.3  and v5.15.17 . CVE-2022-26878 was assigned by MITRE. Best, Sönke  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1d0688421449718c6c5f46e458a378c9b530ba18  https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3  https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.17
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.