Bug 1192760 (CVE-2021-41229) - VUL-1: CVE-2021-41229: bluez: memory leak in the SDP protocol handling
Status: RESOLVED FIXED
Alias: CVE-2021-41229
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low, Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/314937/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-41229:4.3:(AV:...
Reported: 2021-11-16 15:51 UTC by Thomas Leroy
Modified: 2024-07-03 13:41 UTC
Found By: Security Response Team
Description Thomas Leroy 2021-11-16 15:51:54 UTC
CVE-2021-41229

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a
vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will
always be hung in the singly linked list of cstates and will not be freed. This
will cause a memory leak over time. The data can be a very large object, which
can be caused by an attacker continuously sending sdp packets and this may cause
the service of the target device to crash.

Upstream commit:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e79417ed7185b150a056d4eb3a1ab528b91d2fc0

Vulnerable commit:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d939483328489fb835bb425d36f7c7c73d52c388

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41229
https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq
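The leak pattern described in the report above, as an added example that is not part of the bug report and is neither BlueZ source nor the upstream patch: buffers hung on a singly linked cache grow without bound unless something frees them. All names (`cstate_entry`, `cstate_cache_add`, `cstate_cache_cleanup`, `simulate_session`) are hypothetical, the workload is constructed, and freeing a connection's entries when it closes is an assumed way of bounding the cache.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model with hypothetical names (not BlueZ source): each entry is
 * a cached response buffer kept for a later continuation request. */
struct cstate_entry {
    int sock;                   /* connection that owns the buffer */
    unsigned char *data;        /* heap buffer for the response */
    size_t size;
    struct cstate_entry *next;
};
static struct cstate_entry *cstates;    /* head of the singly linked cache */

/* Allocate a buffer and hang it on the cache; 0 on success, -1 on OOM. */
int cstate_cache_add(int sock, size_t size)
{
    struct cstate_entry *e = calloc(1, sizeof(*e));
    if (!e || !(e->data = calloc(1, size ? size : 1))) { free(e); return -1; }
    e->sock = sock; e->size = size;
    e->next = cstates; cstates = e;
    return 0;
}

/* Mitigation: unlink and free every entry owned by a closing connection. */
void cstate_cache_cleanup(int sock)
{
    for (struct cstate_entry **pp = &cstates; *pp; ) {
        struct cstate_entry *e = *pp;
        if (e->sock != sock) { pp = &e->next; continue; }
        *pp = e->next;
        free(e->data); free(e);
    }
}

/* Constructed workload: n requests, then disconnect; returns bytes still held. */
size_t simulate_session(int sock, int n, size_t size, int cleanup_on_close)
{
    size_t left = 0;
    for (int i = 0; i < n; i++) cstate_cache_add(sock, size);
    if (cleanup_on_close) cstate_cache_cleanup(sock);
    for (struct cstate_entry *e = cstates; e; e = e->next) left += e->sock == sock ? e->size : 0;
    return left;
}

int main(void)
{
    printf("no cleanup:   %zu bytes\n", simulate_session(3, 100, 512, 0));
    printf("with cleanup: %zu bytes\n", simulate_session(4, 100, 512, 1));
    return 0;
}
```

Running a second uncleaned session on the same descriptor doubles the retained bytes, which is the growth over time that the description refers to.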
Comment 1 Thomas Leroy 2021-11-16 17:06:04 UTC
The last version at this date is 5.62, and does not contain the fixing commit.

Affected codestreams:
- SUSE:SLE-11-SP1:Update        4.51-1.5.3.1
- SUSE:SLE-11-SP3:Update        4.99-0.9.3.1
- SUSE:SLE-11-SP4:Update        4.99
- SUSE:SLE-12-SP2:Update        5.13-5.23.1
- SUSE:SLE-15:Update            5.48
- SUSE:SLE-15-SP2:Update        5.48-13.3.1
- SUSE:SLE-15-SP3:Update        5.55-3.3.1
- openSUSE:Factory              5.62
- openSUSE:Leap:15.2:Update     5.48
Comment 2 Thomas Leroy 2021-11-17 14:45:59 UTC
I don't think the kernel is impacted. Al, can you confirm that please?
Comment 3 Gabriele Sonnu 2022-03-22 08:24:44 UTC
SUSE:SLE-15-SP4:Update (v5.62) is also affected.
Comment 5 Joey Lee 2023-08-02 15:53:28 UTC
(In reply to Thomas Leroy from comment #1)
Fixing patch:

commit e79417ed7185b150a056d4eb3a1ab528b91d2fc0         [5.63~39]
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date:   Thu Jul 15 11:01:20 2021 -0700

    sdpd: Fix leaking buffers stored in cstates cache

Update status:

- SUSE:SLE-11-SP1:Update        4.51-1.5.3.1
- SUSE:SLE-11-SP3:Update        4.99-0.9.3.1
- SUSE:SLE-11-SP4:Update        4.99
- SUSE:SLE-12-SP2:Update        5.13-5.23.1
- SUSE:SLE-15:Update            5.48            [sent, sr#304363]
- SUSE:SLE-15-SP2:Update        5.48-13.3.1     [sent, sr#304361]
- SUSE:SLE-15-SP3:Update        5.55-3.3.1      [sent, sr#304360]
- SUSE:SLE-15-SP4:Update        5.62            [sent, sr#304355]
- SUSE:SLE-15-SP5:GA            5.65            [included e79417ed]
- openSUSE:Factory              5.66            [included e79417ed]
- openSUSE:Leap:15.2:Update     5.48
Comment 7 Maintenance Automation 2023-08-08 20:30:25 UTC
SUSE-SU-2023:3240-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1192760
CVE References: CVE-2021-41229
Sources used:
SUSE Manager Proxy 4.2 (src): bluez-5.55-150300.3.25.1
SUSE Manager Retail Branch Server 4.2 (src): bluez-5.55-150300.3.25.1
SUSE Manager Server 4.2 (src): bluez-5.55-150300.3.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Maintenance Automation 2023-08-08 20:30:33 UTC
SUSE-SU-2023:3238-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1192760
CVE References: CVE-2021-41229
Sources used:
openSUSE Leap 15.4 (src): bluez-5.62-150400.4.16.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): bluez-5.62-150400.4.16.1
SUSE Linux Enterprise Micro 5.3 (src): bluez-5.62-150400.4.16.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): bluez-5.62-150400.4.16.1
SUSE Linux Enterprise Micro 5.4 (src): bluez-5.62-150400.4.16.1
Basesystem Module 15-SP4 (src): bluez-5.62-150400.4.16.1
Desktop Applications Module 15-SP4 (src): bluez-5.62-150400.4.16.1
SUSE Linux Enterprise Workstation Extension 15 SP4 (src): bluez-5.62-150400.4.16.1
openSUSE Leap Micro 5.3 (src): bluez-5.62-150400.4.16.1
openSUSE Leap Micro 5.4 (src): bluez-5.62-150400.4.16.1

Comment 9 Joey Lee 2023-08-23 01:03:39 UTC
(In reply to Joey Lee from comment #5)
Update status:

- SUSE:SLE-11-SP1:Update        4.51-1.5.3.1
- SUSE:SLE-11-SP3:Update        4.99-0.9.3.1
- SUSE:SLE-11-SP4:Update        4.99
- SUSE:SLE-12-SP2:Update        5.13-5.23.1
- SUSE:SLE-15:Update            5.48            [DONE]
- SUSE:SLE-15-SP2:Update        5.48-13.3.1     [DONE]
- SUSE:SLE-15-SP3:Update        5.55-3.3.1      [DONE]
- SUSE:SLE-15-SP4:Update        5.62            [DONE]
- SUSE:SLE-15-SP5:GA            5.65            [included e79417ed]
- openSUSE:Factory              5.66            [included e79417ed]
- openSUSE:Leap:15.2:Update     5.48
Comment 12 Joey Lee 2023-08-23 05:28:15 UTC
(In reply to Joey Lee from comment #9)
Update status:

- SUSE:SLE-11-SP1:Update        4.51-1.5.3.1    [EoL]
- SUSE:SLE-11-SP3:Update        4.99-0.9.3.1    [sent, sr#305971]
- SUSE:SLE-11-SP4:Update        4.99            [EoL]
- SUSE:SLE-12-SP2:Update        5.13-5.23.1     [sent, sr#305951]
- SUSE:SLE-15:Update            5.48            [DONE]
- SUSE:SLE-15-SP2:Update        5.48-13.3.1     [DONE]
- SUSE:SLE-15-SP3:Update        5.55-3.3.1      [DONE]
- SUSE:SLE-15-SP4:Update        5.62            [DONE]
- SUSE:SLE-15-SP5:GA            5.65            [included e79417ed]
- openSUSE:Factory              5.66            [included e79417ed]
- openSUSE:Leap:15.2:Update     5.48            [EoL]
Comment 13 Joey Lee 2023-09-05 14:46:17 UTC
(In reply to Joey Lee from comment #12)
Update status:

- SUSE:SLE-11-SP1:Update        4.51-1.5.3.1    [EoL]
- SUSE:SLE-11-SP3:Update        4.99-0.9.3.1    [DONE]
- SUSE:SLE-11-SP4:Update        4.99            [EoL]
- SUSE:SLE-12-SP2:Update        5.13-5.23.1     [DONE]
- SUSE:SLE-15:Update            5.48            [DONE]
- SUSE:SLE-15-SP2:Update        5.48-13.3.1     [DONE]
- SUSE:SLE-15-SP3:Update        5.55-3.3.1      [DONE]
- SUSE:SLE-15-SP4:Update        5.62            [DONE]
- SUSE:SLE-15-SP5:GA            5.65            [included e79417ed]
- openSUSE:Factory              5.66            [included e79417ed]
- openSUSE:Leap:15.2:Update     5.48            [EoL]

Reset assigner.
Comment 14 Maintenance Automation 2023-09-20 08:30:32 UTC
SUSE-SU-2023:3689-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1192760
CVE References: CVE-2021-41229
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): bluez-5.13-5.42.2
SUSE Linux Enterprise Server 12 SP5 (src): bluez-5.13-5.42.2
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): bluez-5.13-5.42.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): bluez-5.13-5.42.2
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): bluez-5.13-5.42.2

Comment 16 Maintenance Automation 2024-01-19 16:30:03 UTC
SUSE-SU-2024:0167-1: An update that solves three vulnerabilities can now be installed.

Category: security (important)
Bug References: 1192760, 1218300, 1218301
CVE References: CVE-2021-41229, CVE-2023-50229, CVE-2023-50230
Sources used:
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): bluez-5.48-150200.13.30.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): bluez-5.48-150200.13.30.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): bluez-5.48-150200.13.30.1

Comment 17 Maintenance Automation 2024-01-19 16:30:05 UTC
SUSE-SU-2024:0166-1: An update that solves three vulnerabilities can now be installed.

Category: security (important)
Bug References: 1192760, 1218300, 1218301
CVE References: CVE-2021-41229, CVE-2023-50229, CVE-2023-50230
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): bluez-5.48-150000.5.54.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): bluez-5.48-150000.5.54.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): bluez-5.48-150000.5.54.1
SUSE CaaS Platform 4.0 (src): bluez-5.48-150000.5.54.1

Comment 18 Andrea Mattiazzo 2024-07-03 13:41:51 UTC
All done, closing.