cve/published/2024/CVE-2024-53144.mbox

From bippy-7c5fe7eed585 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2024-53144: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE

This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4
("Bluetooth: Always request for user confirmation for Just Works")
always request user confirmation with confirm_hint set since the
likes of bluetoothd have dedicated policy around JUST_WORKS method
(e.g. main.conf:JustWorksRepairing).

CVE: CVE-2024-8805

The Linux kernel CVE team has assigned CVE-2024-53144 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 3.16 with commit ba15a58b179ed76a7e887177f2b06de12c58ec8f and fixed in 5.10.236 with commit baaa50c6f91ea5a9c7503af51f2bc50e6568b66b
	Issue introduced in 3.16 with commit ba15a58b179ed76a7e887177f2b06de12c58ec8f and fixed in 5.15.180 with commit 22b49d6e4f399a390c70f3034f5fbacbb9413858
	Issue introduced in 3.16 with commit ba15a58b179ed76a7e887177f2b06de12c58ec8f and fixed in 6.1.113 with commit d17c631ba04e960eb6f8728b10d585de20ac4f71
	Issue introduced in 3.16 with commit ba15a58b179ed76a7e887177f2b06de12c58ec8f and fixed in 6.6.55 with commit 830c03e58beb70b99349760f822e505ecb4eeb7e
	Issue introduced in 3.16 with commit ba15a58b179ed76a7e887177f2b06de12c58ec8f and fixed in 6.10.14 with commit ad7adfb95f64a761e4784381e47bee1a362eb30d
	Issue introduced in 3.16 with commit ba15a58b179ed76a7e887177f2b06de12c58ec8f and fixed in 6.11.3 with commit 5291ff856d2c5177b4fe9c18828312be30213193
	Issue introduced in 3.16 with commit ba15a58b179ed76a7e887177f2b06de12c58ec8f and fixed in 6.12 with commit b25e11f978b63cb7857890edb3a698599cddb10e
	Issue introduced in 3.2.61 with commit 373d1dfcffc63c68184419264a7eaed422c7958e
	Issue introduced in 3.4.98 with commit bc96ff59b2f19e924d9e15e24cee19723d674b92
	Issue introduced in 3.10.48 with commit 6ab84785311dc4d0348e6bd4e1c491293b770b98
	Issue introduced in 3.12.25 with commit 778763287ded64dd5c022435d3e0e3182f148a64
	Issue introduced in 3.14.12 with commit 9a5fcacabde0fe11456f4a1e88072c01846cea25
	Issue introduced in 3.15.5 with commit 039da39a616103ec7ab8ac351bfb317854e5507c

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-53144
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	net/bluetooth/hci_event.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/baaa50c6f91ea5a9c7503af51f2bc50e6568b66b
	https://git.kernel.org/stable/c/22b49d6e4f399a390c70f3034f5fbacbb9413858
	https://git.kernel.org/stable/c/d17c631ba04e960eb6f8728b10d585de20ac4f71
	https://git.kernel.org/stable/c/830c03e58beb70b99349760f822e505ecb4eeb7e
	https://git.kernel.org/stable/c/ad7adfb95f64a761e4784381e47bee1a362eb30d
	https://git.kernel.org/stable/c/5291ff856d2c5177b4fe9c18828312be30213193
	https://git.kernel.org/stable/c/b25e11f978b63cb7857890edb3a698599cddb10e
	https://www.zerodayinitiative.com/advisories/ZDI-24-1229/