diff options
author | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2022-10-31 16:10:32 -0700 |
---|---|---|
committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2022-11-02 16:36:59 -0700 |
commit | 711f8c3fb3db61897080468586b970c87c61d9e4 (patch) | |
tree | cedd21a4c8b64b3ae4587293046b9f72d166c886 /net/x25/x25_facilities.c | |
parent | 5638d9ea9c01c77fc11693d48cf719bc7e88f224 (diff) | |
download | linux-711f8c3fb3db61897080468586b970c87c61d9e4.tar.bz2 |
Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
The Bluetooth spec states that the valid range for SPSM is from
0x0001-0x00ff so it is invalid to accept values outside of this range:
BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 3, Part A
page 1059:
Table 4.15: L2CAP_LE_CREDIT_BASED_CONNECTION_REQ SPSM ranges
CVE: CVE-2022-42896
CC: stable@vger.kernel.org
Reported-by: Tamás Koczka <poprdi@google.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Reviewed-by: Tedd Ho-Jeong An <tedd.an@intel.com>
Diffstat (limited to 'net/x25/x25_facilities.c')
0 files changed, 0 insertions, 0 deletions