Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (711f8c3f) · Commits · Mirrors / github.com / raspberrypi_linux

Commit 711f8c3f authored Oct 31, 2022 by

Luiz Augusto von Dentz

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM



The Bluetooth spec states that the valid range for SPSM is from
0x0001-0x00ff so it is invalid to accept values outside of this range:

  BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 3, Part A
  page 1059:
  Table 4.15: L2CAP_LE_CREDIT_BASED_CONNECTION_REQ SPSM ranges

CVE: CVE-2022-42896
CC: stable@vger.kernel.org
Reported-by: Tamás Koczka <poprdi@google.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Reviewed-by: Tedd Ho-Jeong An <tedd.an@intel.com>

parent 5638d9ea

Hide whitespace changes

Inline Side-by-side

Please register or to comment