CVE-2020-35499 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Information disclosure
Description	A security issue was found in the Linux kernel before version 5.10.4. A NULL pointer dereference flaw may be seen as the sco_sock_getsockopt function in net/bluetooth/sco.c does not have a sanity check for a socket connection when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with special user privileges to crash the system or leak kernel internal information.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1394	linux	5.10.3.arch1-1	5.10.4.arch1-1	Medium	Fixed

References
https://bugzilla.redhat.com/show_bug.cgi?id=1910048 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6013c99742160d3901c4d108733e29b83b25f452