THREATINT
PUBLISHED

CVE-2022-48947

Bluetooth: L2CAP: Fix u8 overflow



Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix u8 overflow

By repeatedly sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventually it will wrap around the maximum number (i.e., 255). This patch prevents this by adding a boundary check with L2CAP_MAX_CONF_RSP.

Btmon log:

Bluetooth monitor ver 5.64
= Note: Linux version 6.1.0-rc2 (x86_64) 0.264594
= Note: Bluetooth subsystem version 2.22 0.264636
@ MGMT Open: btmon (privileged) version 1.22 {0x0001} 0.272191
= New Index: 00:00:00:00:00:00 (Primary,Virtual,hci0) [hci0] 13.877604
@ RAW Open: 9496 (privileged) version 2.22 {0x0002} 13.890741
= Open Index: 00:00:00:00:00:00 [hci0] 13.900426
(...)
> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #32 [hci0] 14.273106
        invalid packet size (12 != 1033)
        08 00 01 00 02 01 04 00 01 10 ff ff ............
> ACL Data RX: Handle 200 flags 0x00 dlen 1547 #33 [hci0] 14.273561
        invalid packet size (14 != 1547)
        0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@.....
> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #34 [hci0] 14.274390
        invalid packet size (16 != 2061)
        0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@.......
> ACL Data RX: Handle 200 flags 0x00 dlen 2061 #35 [hci0] 14.274932
        invalid packet size (16 != 2061)
        0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@.......
= bluetoothd: Bluetooth daemon 5.43 14.401828
> ACL Data RX: Handle 200 flags 0x00 dlen 1033 #36 [hci0] 14.275753
        invalid packet size (12 != 1033)
        08 00 01 00 04 01 04 00 40 00 00 00 ........@...
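The wraparound described above, as an added user-space model (not the kernel's code and not part of the original advisory): an 8-bit response counter is replayed with and without a bound check. The struct, the function names and the value of `MODEL_MAX_CONF_RSP` are assumptions made for this illustration; the advisory names the real constant but not its value.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed value for this model only; the advisory does not state it. */
#define MODEL_MAX_CONF_RSP 2

struct model_chan {
    uint8_t num_conf_rsp;          /* 8-bit counter, as in the advisory */
};

/* Pre-fix behaviour: each configuration request bumps the counter. */
static void conf_req_unchecked(struct model_chan *chan)
{
    chan->num_conf_rsp++;          /* 255 + 1 wraps to 0 in a u8 */
}

/* Behaviour with a boundary check: the counter saturates at the bound. */
static void conf_req_bounded(struct model_chan *chan)
{
    if (chan->num_conf_rsp < MODEL_MAX_CONF_RSP)
        chan->num_conf_rsp++;
}

/* Replay n requests; return how many times the counter went backwards. */
static unsigned replay(unsigned n, int bounded, uint8_t *final)
{
    struct model_chan chan = { 0 };
    unsigned wraps = 0;

    for (unsigned i = 0; i < n; i++) {
        uint8_t before = chan.num_conf_rsp;
        if (bounded)
            conf_req_bounded(&chan);
        else
            conf_req_unchecked(&chan);
        if (chan.num_conf_rsp < before)
            wraps++;               /* state reset by overflow */
    }
    *final = chan.num_conf_rsp;
    return wraps;
}

int main(void)
{
    uint8_t f;
    unsigned w = replay(256, 0, &f);
    printf("unchecked: final=%u wraps=%u\n", (unsigned)f, w);
    w = replay(256, 1, &f);
    printf("bounded:   final=%u wraps=%u\n", (unsigned)f, w);
    return 0;
}
```

Any logic that compares the counter against a small limit sees a fresh-looking value after each wrap in the unchecked variant, which is why the bound is enforced at the increment.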

Reserved 2024-08-22 | Published 2024-10-21 | Updated 2024-12-19 | Assigner Linux

Product status

Default status: unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 49d5867819ab7c744852b45509e8469839c07e0e: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 95f1847a361c7b4bf7d74c06ecb6968455082c1a: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before ad528fde0702903208d0a79d88d5a42ae3fc235b: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 9fdc79b571434af7bc742da40a3405f038b637a7: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before f3fe6817156a2ad4b06f01afab04638a34d7c9a6: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 19a78143961a197de8502f4f29c453b913dc3c29: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 5550bbf709c323194881737fd290c4bada9e6ead: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before bcd70260ef56e0aee8a4fc6cd214a419900b0765: affected

Default status: affected

4.9.337: unaffected
4.14.303: unaffected
4.19.270: unaffected
5.4.229: unaffected
5.10.161: unaffected
5.15.85: unaffected
6.0.15: unaffected
6.1: unaffected

References

git.kernel.org/...c/49d5867819ab7c744852b45509e8469839c07e0e

git.kernel.org/...c/95f1847a361c7b4bf7d74c06ecb6968455082c1a

git.kernel.org/...c/ad528fde0702903208d0a79d88d5a42ae3fc235b

git.kernel.org/...c/9fdc79b571434af7bc742da40a3405f038b637a7

git.kernel.org/...c/f3fe6817156a2ad4b06f01afab04638a34d7c9a6

git.kernel.org/...c/19a78143961a197de8502f4f29c453b913dc3c29

git.kernel.org/...c/5550bbf709c323194881737fd290c4bada9e6ead

git.kernel.org/...c/bcd70260ef56e0aee8a4fc6cd214a419900b0765

cve.org (CVE-2022-48947)

nvd.nist.gov (CVE-2022-48947)
