Bugzilla – Bug 1013732
VUL-0: CVE-2016-9801: bluez: buffer overflow in set_ext_ctrl()
Last modified: 2020-04-24 14:55:50 UTC
In BlueZ 5.42, a buffer overflow was observed in the "set_ext_ctrl" function in the "tools/parser/l2cap.c" source file when processing a corrupted dump file.
References:
  https://bugzilla.redhat.com/show_bug.cgi?id=1401538
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9801
  http://www.cvedetails.com/cve/CVE-2016-9801/
Created attachment 704880: dump file to reproduce the issue
The affected code is only contained in SLE-12-* codestreams.
QA reproducer:
Using the attached dump file, I was not able to show any symptoms of the issue. The best we can do is this:
  valgrind hcidump -a -r CVE-2016-9801
But as the discoverer of the bug states, this bug only shows when the binary has been built with '-fsanitize=address'. valgrind only shows messages about undefined values, which may also be related to the issue, but I'm not sure about it.
bugbot adjusting priority
SUSE-SU-2018:4188-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1013721,1013732
CVE References: CVE-2016-9800,CVE-2016-9801
Sources used:
  SUSE Linux Enterprise Workstation Extension 12-SP4 (src): bluez-5.13-5.7.1
  SUSE Linux Enterprise Workstation Extension 12-SP3 (src): bluez-5.13-5.7.1
  SUSE Linux Enterprise Software Development Kit 12-SP4 (src): bluez-5.13-5.7.1
  SUSE Linux Enterprise Software Development Kit 12-SP3 (src): bluez-5.13-5.7.1
  SUSE Linux Enterprise Server 12-SP4 (src): bluez-5.13-5.7.1
  SUSE Linux Enterprise Server 12-SP3 (src): bluez-5.13-5.7.1
  SUSE Linux Enterprise Desktop 12-SP4 (src): bluez-5.13-5.7.1
  SUSE Linux Enterprise Desktop 12-SP3 (src): bluez-5.13-5.7.1
SUSE-SU-2018:4189-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1013721,1013732
CVE References: CVE-2016-9800,CVE-2016-9801
Sources used:
  SUSE Linux Enterprise Workstation Extension 15 (src): bluez-5.48-5.8.1
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): bluez-5.48-5.8.1
  SUSE Linux Enterprise Module for Desktop Applications 15 (src): bluez-5.48-5.8.1
  SUSE Linux Enterprise Module for Basesystem 15 (src): bluez-5.48-5.8.1
openSUSE-SU-2018:4259-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1013721,1013732
CVE References: CVE-2016-9800,CVE-2016-9801
Sources used:
  openSUSE Leap 15.0 (src): bluez-5.48-lp150.4.6.1
SUSE-SU-2019:0510-1: An update that fixes 6 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1013721,1013732,1013877,1015173,1026652,1057342
CVE References: CVE-2016-7837,CVE-2016-9800,CVE-2016-9801,CVE-2016-9804,CVE-2016-9918,CVE-2017-1000250
Sources used:
  SUSE Linux Enterprise Server for SAP 12-SP1 (src): bluez-5.13-3.10.1
  SUSE Linux Enterprise Server 12-SP1-LTSS (src): bluez-5.13-3.10.1
  SUSE Linux Enterprise Server 12-LTSS (src): bluez-5.13-3.10.1
Done