Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM - linux - Linux Kernel (branches are rebased on master from time to time)

diff options

author	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>	2022-10-31 16:10:32 -0700
committer	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>	2022-11-02 16:36:59 -0700
commit	711f8c3fb3db61897080468586b970c87c61d9e4 (patch)
tree	cedd21a4c8b64b3ae4587293046b9f72d166c886 /net/nfc/nci
parent	5638d9ea9c01c77fc11693d48cf719bc7e88f224 (diff)
download	linux-711f8c3fb3db61897080468586b970c87c61d9e4.tar.bz2

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

The Bluetooth spec states that the valid range for SPSM is from 0x0001-0x00ff so it is invalid to accept values outside of this range: BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 3, Part A page 1059: Table 4.15: L2CAP_LE_CREDIT_BASED_CONNECTION_REQ SPSM ranges CVE: CVE-2022-42896 CC: stable@vger.kernel.org Reported-by: Tamás Koczka <poprdi@google.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Reviewed-by: Tedd Ho-Jeong An <tedd.an@intel.com>

Diffstat (limited to 'net/nfc/nci')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: