In the Linux kernel, the following vulnerability has been resolved: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX…
Linux·CWE-763·Published 2024-07-30
In the Linux kernel, the following vulnerability has been resolved:

bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX

Syzbot hit a warning in hci_conn_del() caused by freeing a handle that was not allocated using the ida allocator. This is caused by a handle bigger than HCI_CONN_HANDLE_MAX passed by hci_le_big_sync_established_evt(), which makes the code think it's an unset connection. Add the same check for the handle upper bound as in hci_conn_set_handle() to prevent the warning.
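The failure mode described above, as an added user-space model (not kernel code and not taken from the fix): a connection whose handle is above HCI_CONN_HANDLE_MAX is treated as holding an allocator-issued placeholder, so an out-of-range value taken from an event is later "freed" although it was never allocated. The pool, `struct conn`, the function bodies and the `checked` flag are constructed for illustration; the macro names and the 0x0eff / 0x12 values follow the kernel's HCI header.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HCI_CONN_HANDLE_MAX          0x0eff  /* largest valid connection handle */
#define HCI_CONN_HANDLE_UNSET(h)     ((h) > HCI_CONN_HANDLE_MAX)
#define HCI_ERROR_INVALID_PARAMETERS 0x12
#define POOL 8                               /* constructed: size of the placeholder pool */

static bool pool_used[POOL];                 /* stand-in for the kernel's ida allocator */
static int bad_frees;                        /* frees of ids that were never allocated */
struct conn { uint16_t handle; };

/* A new connection holds a placeholder above the maximum until a real handle arrives. */
static void conn_add(struct conn *c) {
    for (int i = 0; i < POOL; i++)
        if (!pool_used[i]) { pool_used[i] = true; c->handle = HCI_CONN_HANDLE_MAX + 1 + i; return; }
}

static void pool_free(uint16_t id) {
    int i = id - (HCI_CONN_HANDLE_MAX + 1);
    if (i < 0 || i >= POOL || !pool_used[i]) { bad_frees++; return; } /* where the warning fires */
    pool_used[i] = false;
}

/* checked=false models the unbounded event path, checked=true the upper-bound check. */
static int conn_set_handle(struct conn *c, uint16_t handle, bool checked) {
    if (checked && handle > HCI_CONN_HANDLE_MAX)
        return HCI_ERROR_INVALID_PARAMETERS;  /* reject; the placeholder stays in place */
    if (HCI_CONN_HANDLE_UNSET(c->handle)) pool_free(c->handle); /* release the placeholder */
    c->handle = handle;
    return 0;
}

/* Teardown releases the handle only if it looks like an unset placeholder. */
static void conn_del(struct conn *c) { if (HCI_CONN_HANDLE_UNSET(c->handle)) pool_free(c->handle); }

/* Runs one connection lifetime and returns the number of invalid frees it caused. */
static int lifetime_bad_frees(uint16_t ev_handle, bool checked) {
    struct conn c = { 0 };
    memset(pool_used, 0, sizeof pool_used);
    bad_frees = 0;
    conn_add(&c);
    conn_set_handle(&c, ev_handle, checked);
    conn_del(&c);
    return bad_frees;
}
int main(void) {
    printf("unchecked: %d, checked: %d\n", lifetime_bad_frees(0x0fff, false), lifetime_bad_frees(0x0fff, true));
    return 0;
}
```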
| CVSS version | Type | Source | Base score | Exploitability score | Impact score | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | NVD | 7.1 | 1.8 | 5.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |