First published: Fri May 10 2019(Updated: )
A flaw was found in the kernels implementation of the bluetooth HIDP (Human Interface Device Protocol). A local attacker with access permissions to the bluetooth device can issue an IOCTL which will trigger the do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c.c. This function can potentially leak potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not correctly NULL terminated. Reference: <a href="https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.15">https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.15</a> Upstream commit: <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1616a5ac99ede5d605047a9012481ce7ff18b16">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1616a5ac99ede5d605047a9012481ce7ff18b16</a> <a href="https://github.com/torvalds/linux/commit/a1616a5ac99ede5d605047a9012481ce7ff18b16">https://github.com/torvalds/linux/commit/a1616a5ac99ede5d605047a9012481ce7ff18b16</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:3.10.0-1127.rt56.1093.el7 | 0:3.10.0-1127.rt56.1093.el7 |
redhat/kernel-alt | <0:4.14.0-115.18.1.el7a | 0:4.14.0-115.18.1.el7a |
redhat/kernel | <0:3.10.0-1127.el7 | 0:3.10.0-1127.el7 |
redhat/kernel-rt | <0:4.18.0-147.rt24.93.el8 | 0:4.18.0-147.rt24.93.el8 |
redhat/kernel | <0:4.18.0-147.el8 | 0:4.18.0-147.el8 |
Linux Linux kernel | <5.0.15 | |
Fedoraproject Fedora | =28 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.04 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Eus | =8.1 | |
Redhat Enterprise Linux Eus | =8.2 | |
Redhat Enterprise Linux Eus | =8.4 | |
Redhat Enterprise Linux Eus | =8.6 | |
Redhat Enterprise Linux For Real Time | =8.0 | |
Redhat Enterprise Linux For Real Time For Nfv Tus | =8.2 | |
Redhat Enterprise Linux For Real Time For Nfv Tus | =8.4 | |
Redhat Enterprise Linux For Real Time For Nfv Tus | =8.6 | |
Redhat Enterprise Linux For Real Time Tus | =8.2 | |
Redhat Enterprise Linux For Real Time Tus | =8.4 | |
Redhat Enterprise Linux For Real Time Tus | =8.6 | |
Redhat Enterprise Linux Server Aus | =8.2 | |
Redhat Enterprise Linux Server Aus | =8.4 | |
Redhat Enterprise Linux Server Aus | =8.6 | |
Redhat Enterprise Linux Server Tus | =8.2 | |
Redhat Enterprise Linux Server Tus | =8.4 | |
Redhat Enterprise Linux Server Tus | =8.6 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =42.3 | |
IBM Data Risk Manager | <=2.0.6 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)