Bug 1180460 - (CVE-2020-35499) VUL-1: CVE-2020-35499: kernel-source: bluetooth crash when using BT_SNDMTU/BT_RCVMTU option
Status: RESOLVED UPSTREAM
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/274267/
CVSSv3.1:SUSE:CVE-2020-35499:6.2:(AV:...
Reported: 2020-12-30 17:48 UTC by Wolfgang Frisch
Modified: 2021-02-02 12:44 UTC
Comment 1 Wolfgang Frisch 2020-12-30 17:50:48 UTC
Upstream fix: commit f6b8c6b55439 ("Bluetooth: sco: Fix crash when using
BT_SNDMTU/BT_RCVMTU option")
Comment 2 Wolfgang Frisch 2020-12-30 17:54:39 UTC
It is unknown whether this can be actually triggered via Bluetooth. The PoC only crashes itself, with no apparent impact on kernel functionality. If it turns out this is indeed the case, we can file a dispute for the CVE.
Comment 3 Al Cho 2021-01-07 09:42:11 UTC
(In reply to Wolfgang Frisch from comment #2)
> It is unknown whether this can be actually triggered via Bluetooth. The PoC
> only crashes itself, with no apparent impact on kernel functionality. If it
> turns out this is indeed the case, we can file a dispute for the CVE.

> Upstream fix: commit f6b8c6b55439 ("Bluetooth: sco: Fix crash when using
> BT_SNDMTU/BT_RCVMTU option")

This patch applies on v5.11-rc1

and the fix is based on 0fc1a726f897 Bluetooth: sco: new getsockopt options BT_SNDMTU/BT_RCVMTU (v5.10-rc1)

master: has it
stable: affected
15sp2: not affected
cve/linux-4.12: not affected
cve/linux-4.4: not affected
cve/linux-3.0: not affected
cve/linux-2.6.32: not affected
Comment 4 Marcus Meissner 2021-02-02 07:09:49 UTC
is public
Comment 5 Al Cho 2021-02-02 09:11:40 UTC
(In reply to Al Cho from comment #3)
> (In reply to Wolfgang Frisch from comment #2)
> > It is unknown whether this can be actually triggered via Bluetooth. The PoC
> > only crashes itself, with no apparent impact on kernel functionality. If it
> > turns out this is indeed the case, we can file a dispute for the CVE.
> 
> > Upstream fix: commit f6b8c6b55439 ("Bluetooth: sco: Fix crash when using
> > BT_SNDMTU/BT_RCVMTU option")
> 
> This patch applies on v5.11-rc1
> 
> and the fix is based on 0fc1a726f897 Bluetooth: sco: new getsockopt options
> BT_SNDMTU/BT_RCVMTU (v5.10-rc1)
> 
> master: has it
> stable: affected

already fixed/patched by
84f94bc8377d8ec8a7cc2b8b48c5b5a301b52364 at Wed Dec 30 13:26:17 2020

patches.kernel.org/5.10.4-337-Bluetooth-sco-Fix-crash-when-using-BT_SNDMTU-B.patch
 - Bluetooth: sco: Fix crash when using BT_SNDMTU/BT_RCVMTU option
      (bsc#1012628).


> 15sp2: not affected
> cve/linux-4.12: not affected
> cve/linux-4.4: not affected
> cve/linux-3.0: not affected
> cve/linux-2.6.32: not affected
Comment 6 Marcus Meissner 2021-02-02 12:44:43 UTC
-> fixed upstream