git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
bluez5: fix CVE-2023-45866
author Archana Polampalli <archana.polampalli@windriver.com>
Fri, 8 Dec 2023 11:44:15 +0000 (11:44 +0000)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Sat, 9 Dec 2023 19:16:35 +0000 (19:16 +0000)
commit ef93aa6a815f2732dadf14e2d7e62c15c46b6007
tree af3612ee81b83a041490b17cb19e5fb5a1e85afc
parent 7f1a862d2a432f216e37bf63648bef787422a43d
bluez5: fix CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role
HID Device to initiate and establish an encrypted connection, and accept HID
keyboard reports, potentially permitting injection of HID messages when no user
interaction has occurred in the Central role to authorize such access. An example
affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04 LTS. NOTE: in some cases,
a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45866

Upstream patches:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/bluez5/bluez5.inc
meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch [new file with mode: 0644]
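The upstream BlueZ commit linked above hardens the input profile by changing the default of the `ClassicBondedOnly` option in the `[General]` section of `/etc/bluetooth/input.conf` to `true`, so that classic HID connections from devices that are not bonded are refused. That option name and the default change come from the upstream patch, not from this commit page, and the check below is an added example written here, not code from OpenEmbedded or BlueZ. It parses an `input.conf` body the way an auditor would on a deployed image: an explicit `ClassicBondedOnly=false` leaves the host exposed even on a patched build, and an absent key falls back to whatever default the installed bluez build compiles in (false before the fix, true after it). The sample configuration texts are constructed for the example.

```python
"""Audit a BlueZ input.conf for the CVE-2023-45866 hardening.

Added example, not part of the OpenEmbedded commit or of BlueZ itself.
Assumption (taken from the upstream BlueZ fix, not from this page): the fix
flips the compiled-in default of [General] ClassicBondedOnly to true, so the
input profile rejects classic HID connections from peers that are not bonded.
"""
import configparser
import io

# Constructed sample configs: the weak pre-fix setting, the hardened one,
# and a file that does not set the key at all (relies on the daemon default).
WEAK_CONF = """\
[General]
# Accept traffic from unbonded classic HID devices: CVE-2023-45866 exposure
ClassicBondedOnly=false
"""

FIXED_CONF = """\
[General]
ClassicBondedOnly=true
"""

EMPTY_CONF = "[General]\n"


def classic_bonded_only(conf_text: str, default_if_unset: bool = False) -> bool:
    """Return the effective ClassicBondedOnly value for an input.conf body.

    default_if_unset models the daemon's compiled-in default: False for a
    bluez build without the CVE-2023-45866 fix, True for a build with it.
    """
    parser = configparser.ConfigParser(interpolation=None)
    # BlueZ reads this file with GKeyFile, whose keys are case-sensitive;
    # keep the key name as written instead of configparser's lowercasing.
    parser.optionxform = str
    parser.read_file(io.StringIO(conf_text))
    if not parser.has_option("General", "ClassicBondedOnly"):
        return default_if_unset
    return parser.getboolean("General", "ClassicBondedOnly")


def audit(conf_text: str, patched_build: bool) -> str:
    """Summarise whether the host still accepts unbonded classic HID peers."""
    if classic_bonded_only(conf_text, default_if_unset=patched_build):
        return "OK: unbonded classic HID devices are rejected"
    return "VULNERABLE: unbonded classic HID devices can connect and send reports"


def audit_file(path: str, patched_build: bool) -> str:
    """Audit an on-disk input.conf (e.g. /etc/bluetooth/input.conf)."""
    with open(path, encoding="utf-8") as fh:
        return audit(fh.read(), patched_build)


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("fixed", FIXED_CONF), ("empty", EMPTY_CONF)):
        print(f"{name:5} unpatched build: {audit(text, patched_build=False)}")
        print(f"{name:5} patched build:   {audit(text, patched_build=True)}")
```

Run it against the real file with `audit_file("/etc/bluetooth/input.conf", patched_build=...)`, passing `True` only when the installed bluez carries the CVE-2023-45866 patch; an image that ships an older `input.conf` with an explicit `ClassicBondedOnly=false` is reported as vulnerable regardless of the build, which is the case the config check exists to catch.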