Bugzilla – Bug 1015171
VUL-1: CVE-2016-9917: bluez,bluez-hcidump: Heap-based buffer overflow vulnerability in read_n()
Last modified: 2022-11-01 08:53:07 UTC
A heap-based buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. PoC can be found in following report: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
Created attachment 706106 [details] CVE-2016-9917.poc QA REPRODUCER: hcidump -a -r CVE-2016-9917.poc should not report: *** Error in `hcidump': free(): invalid pointer: 0x000055d22dcc4030 *** *** Error in `hcidump': malloc: top chunk is corrupt: 0x000055d22dcc4610 ***
the snoop protocol reader reads the size of the data blob from the stream and does not do any form of size validation
bugbot adjusting priority
SUSE-SU-2019:1339-1: An update that fixes 5 vulnerabilities is now available. Category: security (moderate) Bug References: 1013708,1013712,1013893,1015171,1015173 CVE References: CVE-2016-9797,CVE-2016-9798,CVE-2016-9802,CVE-2016-9917,CVE-2016-9918 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP4 (src): bluez-5.13-5.12.1 SUSE Linux Enterprise Workstation Extension 12-SP3 (src): bluez-5.13-5.12.1 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): bluez-5.13-5.12.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): bluez-5.13-5.12.1 SUSE Linux Enterprise Server 12-SP4 (src): bluez-5.13-5.12.1 SUSE Linux Enterprise Server 12-SP3 (src): bluez-5.13-5.12.1 SUSE Linux Enterprise Desktop 12-SP4 (src): bluez-5.13-5.12.1 SUSE Linux Enterprise Desktop 12-SP3 (src): bluez-5.13-5.12.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:1353-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1013708,1013712,1013893,1015171 CVE References: CVE-2016-9797,CVE-2016-9798,CVE-2016-9802,CVE-2016-9917 Sources used: SUSE Linux Enterprise Workstation Extension 15 (src): bluez-5.48-5.16.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): bluez-5.48-5.16.1 SUSE Linux Enterprise Module for Desktop Applications 15 (src): bluez-5.48-5.16.1 SUSE Linux Enterprise Module for Basesystem 15 (src): bluez-5.48-5.16.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1476-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1013708,1013712,1013893,1015171 CVE References: CVE-2016-9797,CVE-2016-9798,CVE-2016-9802,CVE-2016-9917 Sources used: openSUSE Leap 15.1 (src): bluez-5.48-lp151.8.3.1 openSUSE Leap 15.0 (src): bluez-5.48-lp150.4.13.1
SUSE-SU-2019:1353-2: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1013708,1013712,1013893,1015171 CVE References: CVE-2016-9797,CVE-2016-9798,CVE-2016-9802,CVE-2016-9917 Sources used: SUSE Linux Enterprise Workstation Extension 15-SP1 (src): bluez-5.48-5.16.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): bluez-5.48-5.16.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src): bluez-5.48-5.16.1 SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): bluez-5.48-5.16.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.