Bugzilla – Bug 1197035
VUL-0: CVE-2022-26878: kernel: Memory leak in Linux VirtIO Bluetooth driver
Last modified: 2023-01-18 17:31:47 UTC
Posted by Sönke Huster on Mar 11Hi oss-security,
A memory leak in the VirtIO Bluetooth driver for Linux, which is included since v5.13, allows an attacker with access to the VirtIO counterpart of the driver
to create a DoS by sending invalid frames to the drivers interface.
Therefore, the driver must be in use.
This is fixed in 1d0688421449 , which was backported and thus
fixed in v5.16.3  and v5.15.17 .
CVE-2022-26878 was assigned by MITRE.
The VirtIO Bluetooth driver is only available inside SLE-15-SP4 and there it is already fixed.
I updated the patch reference in SLE15-SP4 branch.