cve/published/2024/CVE-2024-36033.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-36033: Bluetooth: qca: fix info leak when fetching board id

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 Bluetooth: qca: fix info leak when fetching board id

 Add the missing sanity check when fetching the board id to avoid leaking
 slab data when later requesting the firmware.

 The Linux kernel CVE team has assigned CVE-2024-36033 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.7 with commit a7f8dedb4be2cc930a29af24427b885405ecd15d and fixed in 6.8.10 with commit f30c37cb4549baf8377434892d520fe7769bdba7
 	Issue introduced in 6.7 with commit a7f8dedb4be2cc930a29af24427b885405ecd15d and fixed in 6.9 with commit 0adcf6be1445ed50bfd4a451a7a782568f270197

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-36033
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/bluetooth/btqca.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/a3dff121a7f5104c4c2d47edaa2351837ef645dd
 	https://git.kernel.org/stable/c/bcccdc947d2ca5972b1e92d0dea10803ddc08ceb
 	https://git.kernel.org/stable/c/ba307abed5e09759845c735ba036f8c12f55b209
 	https://git.kernel.org/stable/c/f30c37cb4549baf8377434892d520fe7769bdba7
 	https://git.kernel.org/stable/c/0adcf6be1445ed50bfd4a451a7a782568f270197
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-36033: Bluetooth: qca: fix info leak when fetching board id

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	Bluetooth: qca: fix info leak when fetching board id

	Add the missing sanity check when fetching the board id to avoid leaking
	slab data when later requesting the firmware.

	The Linux kernel CVE team has assigned CVE-2024-36033 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.7 with commit a7f8dedb4be2cc930a29af24427b885405ecd15d and fixed in 6.8.10 with commit f30c37cb4549baf8377434892d520fe7769bdba7
	Issue introduced in 6.7 with commit a7f8dedb4be2cc930a29af24427b885405ecd15d and fixed in 6.9 with commit 0adcf6be1445ed50bfd4a451a7a782568f270197

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-36033
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/bluetooth/btqca.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/a3dff121a7f5104c4c2d47edaa2351837ef645dd
	https://git.kernel.org/stable/c/bcccdc947d2ca5972b1e92d0dea10803ddc08ceb
	https://git.kernel.org/stable/c/ba307abed5e09759845c735ba036f8c12f55b209
	https://git.kernel.org/stable/c/f30c37cb4549baf8377434892d520fe7769bdba7
	https://git.kernel.org/stable/c/0adcf6be1445ed50bfd4a451a7a782568f270197