CVE-2024-22099
Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
References
Notes
carnil> The CVE description reads as "NULL Pointer Dereference
carnil> vulnerability in Linux Linux kernel kernel on Linux, x86, ARM
carnil> (net, bluetooth modules) allows Overflow Buffers. This
carnil> vulnerability is associated with program files
carnil> /net/bluetooth/rfcomm/core.c. This issue affects Linux kernel:
carnil> v2.6.12-rc2." and gives an indication on affected ranges from
carnil> v2.6.12-rc2 before v6.8-rc1. The OpenAnolis issue is to date
carnil> (2024-01-25) still restricted.
carnil> Fixed in 6.7.11 as well.
Bugs
Status
| Branch |
Status |
| 4.19-buster-security |
needed
|
| 4.19-upstream-stable |
released (4.19.311) [369f419c097e82407dd429a202cde9a73d3ae29b]
|
| 5.10-bullseye-security |
released (5.10.216-1)
|
| 5.10-upstream-stable |
released (5.10.214) [81d7d920a22fd58ef9aedb1bd0a68ee32bd23e96]
|
| 6.1-bookworm-security |
released (6.1.82-1) [bugfix/all/Bluetooth-rfcomm-Fix-null-ptr-deref-in-rfcomm_check_.patch]
|
| 6.1-upstream-stable |
released (6.1.83) [567c0411dc3b424fc7bd1e6109726d7ba32d4f73]
|
| 6.6-upstream-stable |
unknown
|
| 6.8-upstream-stable |
unknown
|
| sid |
needed
|
| upstream |
released (6.8-rc7) [2535b848fa0f42ddff3e5255cf5e742c9b77bb26]
|