CVE-2019-3459

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
In the functions l2cap_parse_conf_rsp and l2cap_parse_conf_req (l2cap_core.c), and in other locations, a while loop parses configuration elements during the L2CAP connection negotiation process.

Inside this loop, the data is processed before the check that all of the processed data lies inside the buffer. In addition, if data outside of the buffer is processed, the function does not return an error.

Therefore, out-of-bounds data can be processed and, in some cases, returned to the attacker.
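
The ordering problem described above, shown on a simplified option parser. This is an added example, not code from the kernel or from the fix; the two-byte option header, the names parse_opts, opt_val, sample and vals, and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define OPT_HDR 2   /* simplified option header: 1 type byte + 1 length byte */
#define MSG_LEN 6   /* bytes of sample[] that belong to the message */

/* Constructed sample: a 6-byte message followed by unrelated adjacent bytes. */
static const uint8_t sample[] = {
    0x01, 0x02, 0x34, 0x12,     /* type 1, length 2, value 0x1234 */
    0x05, 0x04,                 /* type 5 claims 4 value bytes, none present */
    0xde, 0xc0, 0xad, 0x0b };   /* adjacent memory, not part of the message */
static uint32_t vals[4];        /* decoded option values */

/* Little-endian decode of up to 4 value bytes following the header. */
static uint32_t opt_val(const uint8_t *opt, int olen)
{
    uint32_t v = 0;
    for (int i = 0; i < olen && i < 4; i++)
        v |= (uint32_t)opt[OPT_HDR + i] << (8 * i);
    return v;
}

/* checked == 0 models the flawed ordering: the option is decoded first and a
 * negative remaining length merely ends the loop, without an error.
 * checked == 1 validates the declared length before the value is read. */
static int parse_opts(const uint8_t *buf, int len, int checked)
{
    int n = 0;
    while (len >= OPT_HDR && n < 4) {
        int olen = buf[1];
        if (checked && olen > len - OPT_HDR)
            return -1;                  /* option overruns the message */
        vals[n++] = opt_val(buf, olen); /* unchecked: may read past len */
        len -= OPT_HDR + olen;
        buf += OPT_HDR + olen;
    }
    return n;
}

int main(void)
{
    int n = parse_opts(sample, MSG_LEN, 0);
    printf("unchecked: %d options, last value 0x%08x\n", n, (unsigned)vals[n - 1]);
    printf("checked:   %d\n", parse_opts(sample, MSG_LEN, 1));
    return 0;
}
```

In the unchecked mode the second option's value is assembled entirely from bytes beyond the message length and the call still reports success, which is the combination the description identifies.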
Group Package Affected Fixed Severity Status Ticket
AVG-988 linux 5.0.5.arch1-1 5.0.6.arch1-1 Medium Fixed
References
https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047@kroah.com/