CVE-2019-3459

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
In the functions l2cap_parse_conf_rsp, l2cap_parse_conf_req (l2cap_core.c), and other locations, there is a while loop which is used to parse configuration elements during an L2CAP connection negotiation process.

In these functions, each element is processed inside the while loop before the check that all of the processed data lies inside the buffer. In addition, if data outside of the buffer is processed, the function does not return an error.

Therefore, data that is out of bounds can be processed and, in some cases, returned to the attacker.
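The pattern described above, as an added illustration that is not the kernel's code or its fix: a simplified option parser in the flawed process-then-check form next to a form that validates first and fails on a mismatch. The 1-byte type / 1-byte length layout, the function names, and the `OPT_HDR` and `VAL_MAX` constants are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_HDR 2   /* constructed TLV layout: 1-byte type, 1-byte length */
#define VAL_MAX 4   /* largest option value this sketch accepts */

/* Flawed pattern: the value is consumed before anything checks that it
 * lies inside the remaining len bytes, and an overrun is not an error. */
int parse_unchecked(const uint8_t *buf, int len, uint8_t out[VAL_MAX])
{
    int n = 0;
    while (len >= OPT_HDR) {
        int olen = buf[1] > VAL_MAX ? VAL_MAX : buf[1];
        memset(out, 0, VAL_MAX);
        memcpy(out, buf + OPT_HDR, olen);   /* may read past buf + len */
        buf += OPT_HDR + olen;
        len -= OPT_HDR + olen;              /* can go negative; loop just exits */
        n++;
    }
    return n;                               /* reports success regardless */
}

/* Hardened pattern: check the declared length against the bytes left
 * before reading the value, and reject the whole message on a mismatch. */
int parse_checked(const uint8_t *buf, int len, uint8_t out[VAL_MAX])
{
    int n = 0;
    while (len >= OPT_HDR) {
        int olen = buf[1];
        if (olen > VAL_MAX || olen > len - OPT_HDR)
            return -1;
        memset(out, 0, VAL_MAX);
        memcpy(out, buf + OPT_HDR, olen);
        buf += OPT_HDR + olen;
        len -= OPT_HDR + olen;
        n++;
    }
    return len == 0 ? n : -1;               /* trailing partial header is an error */
}

int main(void)
{
    /* Constructed sample: 4-byte message claiming a 4-byte value; last 2 bytes model adjacent memory. */
    uint8_t mem[6] = { 0x01, 0x04, 0xAA, 0xBB, 0xDE, 0xAD };
    uint8_t out[VAL_MAX];
    int u = parse_unchecked(mem, 4, out);
    printf("unchecked=%d leaked=%02x%02x checked=%d\n", u, out[2], out[3], parse_checked(mem, 4, out));
    return 0;
}
```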
Group    Package  Affected      Fixed  Severity  Status      Ticket
AVG-850  linux    4.20.arch1-1         Critical  Vulnerable
References
https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047@kroah.com/