Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
Origin: https://git.kernel.org/linus/
711f8c3fb3db61897080468586b970c87c61d9e4
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-42896
The Bluetooth spec states that the valid range for SPSM is from
0x0001-0x00ff so it is invalid to accept values outside of this range:
BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 3, Part A
page 1059:
Table 4.15: L2CAP_LE_CREDIT_BASED_CONNECTION_REQ SPSM ranges
CVE: CVE-2022-42896
CC: stable@vger.kernel.org
Reported-by: Tamás Koczka <poprdi@google.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Reviewed-by: Tedd Ho-Jeong An <tedd.an@intel.com>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name Bluetooth-L2CAP-Fix-accepting-connection-request-for.patch
projects / linux.git / commit