Описание
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
It was found that the Bluebooth Network Encapsulation Protocol (BNEP) implementation did not validate the type of second socket passed to the BNEPCONNADD ioctl(), which could lead to memory corruption. A local user with the CAP_NET_ADMIN capability can use this for denial of service (crash or data corruption) or possibly for privilege escalation. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we feel it is unlikely.
Отчет
This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6, as namespaces feature, which is required for an attack, is not present in these products. This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE, as this flaw was already fixed in this products.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise MRG 2 | realtime-kernel | Not affected |
Показывать по
Дополнительная информация
Статус:
7 High
CVSS3
Связанные уязвимости
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
The bnep_add_connection function in net/bluetooth/bnep/core.c in the L ...
Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP1)
Security update for the Linux Kernel (Live Patch 29 for SLE 12)
7 High
CVSS3