Bugzilla – Bug 1139868
VUL-1: CVE-2019-12983: kernel-source: function do_hidp_sock_ioctl does not ensure that certain device field ends with a '\0'
Last modified: 2020-06-25 08:03:00 UTC
In the Linux kernel before 5.0.15, the function do_hidp_sock_ioctl in
net/bluetooth/hidp/sock.c does not ensure that a certain device field ends with
a '\0' character, which allows local users to obtain potentially sensitive
information from kernel stack memory, or cause a denial of service, which is
similar to CVE-2011-1079. The user would use an HIDPCONNADD command.
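The missing-terminator condition described above, as a user-space model. This is an added example, not the kernel's code or the patch referenced in this bug; `struct connadd_req`, `NAME_LEN` and all function names are hypothetical, and forcing the last byte to '\0' is shown as one common way to harden such a field.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 128 /* assumed size of the fixed name field in this model */

/* Hypothetical stand-in for the request a caller passes with HIDPCONNADD. */
struct connadd_req {
    unsigned int flags;
    char name[NAME_LEN];
};

/* Length of the name, computed without ever reading past the field. */
static size_t bounded_name_len(const struct connadd_req *req)
{
    const char *nul = memchr(req->name, '\0', sizeof(req->name));
    return nul ? (size_t)(nul - req->name) : sizeof(req->name);
}

/* 1 if a '\0' lies inside the field, 0 if strlen() or "%s" would run off its end. */
static int name_is_terminated(const struct connadd_req *req)
{
    return bounded_name_len(req) < sizeof(req->name);
}

/* Hardened handler: force termination right after the copy, before any use. */
static size_t handle_connadd(const struct connadd_req *user, struct connadd_req *kreq)
{
    memcpy(kreq, user, sizeof(*kreq)); /* models copy_from_user(): raw bytes only */
    kreq->name[sizeof(kreq->name) - 1] = '\0';
    return strlen(kreq->name); /* safe: a terminator is now guaranteed in bounds */
}

/* Constructed sample input: every byte of the name field is non-zero. */
static struct connadd_req unterminated_request(void)
{
    struct connadd_req r = { .flags = 0 };
    memset(r.name, 'A', sizeof(r.name));
    return r;
}

int main(void)
{
    struct connadd_req u = unterminated_request(), k;
    printf("terminated as received: %d\n", name_is_terminated(&u));
    printf("length after hardening: %zu\n", handle_connadd(&u, &k));
    return 0;
}
```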
Takashi pushed this patch in May.
Can you add the CVE / bug to the references, then reassign back to us?
According to MITRE this CVE is spurious due to being a duplicate.
Our fix has long since been pushed as bsc#1134848
What is to be done?
mark as dup of bug 1134848
*** This bug has been marked as a duplicate of bug 1134848 ***