Bug 1197035 - (CVE-2022-26878) VUL-0: CVE-2022-26878: kernel: Memory leak in Linux VirtIO Bluetooth driver
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Assigned To: Kernel Bugs
Security Team bot
https://smash.suse.de/issue/325992/
Reported: 2022-03-11 14:38 UTC by Alexander Bergmann
Modified: 2023-01-18 17:31 UTC (History)
Found By: Security Response Team
Description Alexander Bergmann 2022-03-11 14:38:41 UTC
CVE-2022-26878

Posted by Sönke Huster on Mar 11

Hi oss-security,

A memory leak in the VirtIO Bluetooth driver for Linux, which is included since v5.13, allows an attacker with access to the VirtIO counterpart of the driver
to create a DoS by sending invalid frames to the driver's interface.
Therefore, the driver must be in use.

This is fixed in 1d0688421449 [1], which was backported and thus
fixed in v5.16.3 [2] and v5.15.17 [3].

CVE-2022-26878 was assigned by MITRE.

Best,
Sönke

[1]...

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26878
https://seclists.org/oss-sec/2022/q1/175
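
A triage sketch for the conditions the advisory gives (driver present since v5.13, fixed in v5.15.17 and v5.16.3, relevant only when the driver is in use); this is an added example, not part of the bug report or the oss-security post. The function names, the verdict strings and the use of `/sys/module/virtio_bt` as a proxy for "in use" are assumptions.

```shell
#!/bin/sh
# Added example, not part of the bug report. Version bounds are the ones the
# advisory states: driver included since v5.13, fixed in v5.15.17 and v5.16.3.

# num STRING -> leading digits of STRING, or 0 (so "3rc1" or "" compare safely)
num() { n=${1%%[!0-9]*}; echo "${n:-0}"; }

# virtbt_loaded [SYSFS_ROOT] -> success if the virtio_bt module is loaded.
# Assumption: a loaded module approximates "the driver must be in use".
virtbt_loaded() { [ -d "${1:-/sys}/module/virtio_bt" ]; }

# virtbt_status KERNEL_RELEASE IN_USE(yes|no) -> prints one triage verdict
virtbt_status() {
    rel=${1%%-*}; in_use=$2          # "5.15.12-default" -> "5.15.12"
    old_ifs=$IFS; IFS=.; set -- $rel; IFS=$old_ifs
    major=$(num "$1"); minor=$(num "$2"); patch=$(num "$3")

    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 13 ]; }; then
        echo "driver-not-present"; return 0
    fi
    case "$major.$minor" in
        5.15) fixed=17 ;;
        5.16) fixed=3 ;;
        *)    # The advisory names no fixed release for this series, and vendor
              # kernels carry backports: look for commit 1d0688421449 instead.
              echo "check-changelog-for-1d0688421449"; return 0 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then
        echo "fixed"
    elif [ "$in_use" = yes ]; then
        echo "affected"
    else
        echo "unfixed-driver-not-in-use"
    fi
}

# Classify the running host.
if virtbt_loaded; then in_use=yes; else in_use=no; fi
virtbt_status "$(uname -r)" "$in_use"
```

A version verdict only describes upstream stable releases; for a distribution kernel, the package changelog entry for the fix commit is the authoritative check.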
Comment 1 Alexander Bergmann 2022-03-11 14:46:01 UTC
The VirtIO Bluetooth driver is only available inside SLE-15-SP4 and there it is already fixed.

Closing again.
Comment 2 Takashi Iwai 2022-03-11 15:24:56 UTC
I updated the patch reference in SLE15-SP4 branch.