Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for BleedingTooth security vulnerability #12

Merged
merged 5 commits into from
Oct 15, 2020
Merged

Fix for BleedingTooth security vulnerability #12

merged 5 commits into from
Oct 15, 2020

Commits on Oct 15, 2020

  1. Bluetooth: fix kernel oops in store_pending_adv_report 

    Fix kernel oops observed when an ext adv data is larger than 31 bytes.

This can be reproduced by setting up an advertiser with advertisement
larger than 31 bytes.  The issue is not sensitive to the advertisement
content.  In particular, this was reproduced with an advertisement of
229 bytes filled with 'A'.  See stack trace below.

This is fixed by not catching ext_adv as legacy adv are only cached to
be able to concatenate a scanable adv with its scan response before
sending it up through mgmt.

With ext_adv, this is no longer necessary.

Taken from https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e
By Linus Torvalds <torvalds@linux-foundation.org>

Change-Id: Iad1e016df8e034318c9bd197aaeae4ba712cc99f
    @Flamefire
    Flamefire committed Oct 15, 2020
    Configuration menu
    Copy the full SHA
    d01cb2d View commit details
    Browse the repository at this point in the history

  2. Bluetooth: Use BT_ERR_RATELIMITED instead of bt_dev_err_ratelimited 

    The latter is not yet available

Change-Id: I0ec2408def623145462541d8f76605882e45a2fe
    @Flamefire
    Flamefire committed Oct 15, 2020
    Configuration menu
    Copy the full SHA
    3e40cf9 View commit details
    Browse the repository at this point in the history

  3. Bluetooth: A2MP: Fix not initializing all members 

    This fixes various places where a stack variable is used uninitialized.

Taken from https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/
By Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Change-Id: I26912bad4c38f5c6078c802d90f1fd25f659ecba
    @Flamefire
    Flamefire committed Oct 15, 2020
    Configuration menu
    Copy the full SHA
    fa30ea3 View commit details
    Browse the repository at this point in the history

  4. Bluetooth: Disable High Speed by default 

    Bluetooth High Speed requires hardware support which is very uncommon
nowadays since HS has not pickup interest by the industry.

From https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-3-luiz.dentz@gmail.com/
By Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Change-Id: I9b731761667e940b664731a4372a2679f1d76613
    @Flamefire
    Flamefire committed Oct 15, 2020
    Configuration menu
    Copy the full SHA
    9f69b5f View commit details
    Browse the repository at this point in the history

  5. Bluetooth: MGMT: Fix not checking if BT_HS is enabled 

    This checks if BT_HS is enabled relecting it on MGMT_SETTING_HS instead
of always reporting it as supported.

From https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-4-luiz.dentz@gmail.com/
By Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Change-Id: I8a622e760317ee0ae3e669911b0950e274f2859f
    @Flamefire
    Flamefire committed Oct 15, 2020
    Configuration menu
    Copy the full SHA
    1b14f27 View commit details
    Browse the repository at this point in the history