From: Greg KH <gregkh@linuxfoundation.org>
To: Cengiz Can <cengiz.can@canonical.com>
Cc: Luiz Augusto von Dentz <luiz.dentz@gmail.com>,
	linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: Regarding 711f8c3fb3db "Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM"
Date: Tue, 6 Dec 2022 12:49:27 +0100
Message-ID: <Y48sR0xv0yuH8GDd@kroah.com>
In-Reply-To: <f0b260c1-a7c4-9e0e-5b29-a3c8a7570df1@canonical.com>

On Tue, Dec 06, 2022 at 02:27:27PM +0300, Cengiz Can wrote:
> Hello Luiz Augusto,
> 
> 
> I'm by no means a bluetooth expert so please bear with me if my
> questions sound dumb or pointless.
> 
> 
> I'm trying to backport commit 711f8c3fb3db ("Bluetooth: L2CAP: Fix
> accepting connection request for invalid SPSM") to v4.15.y and older
> stable kernels. (CVE-2022-42896)
> 
> 
> According to the changes to `net/bluetooth/l2cap_core.c` there are two
> functions that need patching:
> 
> 
> * l2cap_le_connect_req
> * l2cap_ecred_conn_req
> 
> 
> 
> Only the former exists in kernels <= v4.15.y. So I decided to skip
> l2cap_ecred_conn_req for older kernels.
> 
> 
> Do you think this would be enough to mitigate the issue?
> 
> 
> 
> If so, older kernels also lack definitions of L2CAP_CR_LE_BAD_PSM and
> L2CAP_PSM_LE_DYN_END.
> 
> 
> I see that L2CAP_CR_LE_BAD_PSM is basically the same as
> L2CAP_CR_BAD_PSM so I used it to signify an error.
> 
> 
> I think it should be enough for the sake of a backport.
> 
> 
> What do you think?

I've already done this backport and it is in the latest -rc1 stable
kernel releases.  Is it not working for you there?  Why do it again?

thanks,

greg k-h
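
A user-space sketch of the SPSM range check such a backport adds to l2cap_le_connect_req, with fallback definitions for trees that lack the two constants. It is an added example, not code from this thread or from the kernel commit; the helper name `spsm_check`, the `SPSM_OK` value, the numeric constant values and the accepted range 0x0001 to L2CAP_PSM_LE_DYN_END are assumptions to verify against your tree.

```c
#include <stdint.h>
#include <stdio.h>

/* Fallbacks for older trees. Values are assumptions taken from the
 * mainline l2cap.h header; confirm them before using in a backport. */
#ifndef L2CAP_PSM_LE_DYN_END
#define L2CAP_PSM_LE_DYN_END 0x00ff
#endif
#ifndef L2CAP_CR_BAD_PSM
#define L2CAP_CR_BAD_PSM 0x0002
#endif
#ifndef L2CAP_CR_LE_BAD_PSM
/* Substitution described in the mail: reuse the BR/EDR result code. */
#define L2CAP_CR_LE_BAD_PSM L2CAP_CR_BAD_PSM
#endif

#define SPSM_OK 0x0000 /* hypothetical "accept" value for this sketch */

/* Hypothetical helper: decode the 2-byte little-endian SPSM field of an
 * LE credit based connection request and range-check it. Decoding from
 * bytes keeps the comparison correct on big-endian hosts as well. */
static uint16_t spsm_check(const uint8_t wire[2])
{
	uint16_t psm = (uint16_t)(wire[0] | (wire[1] << 8));

	/* Reject zero and anything above the end of the LE dynamic range
	 * before any channel lookup or allocation happens. */
	if (psm == 0 || psm > L2CAP_PSM_LE_DYN_END)
		return L2CAP_CR_LE_BAD_PSM;
	return SPSM_OK;
}

int main(void)
{
	/* Constructed sample SPSM fields, as they would appear on the wire. */
	const uint8_t samples[][2] = {
		{0x00, 0x00}, {0x01, 0x00}, {0x80, 0x00},
		{0xff, 0x00}, {0x00, 0x01}, {0xff, 0xff},
	};

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("spsm bytes %02x %02x -> result 0x%04x\n",
		       samples[i][0], samples[i][1], spsm_check(samples[i]));
	return 0;
}
```
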