Bugzilla – Bug 1013885
VUL-0: CVE-2016-9803: bluez: out-of-bounds read in le_meta_ev_dump()
Last modified: 2022-12-22 04:55:27 UTC
rh#1401543 In BlueZ 5.42, an out-of-bounds read was observed in the "le_meta_ev_dump" function in the "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read the correct element from the 'ev_le_meta_str' array) is overflowed.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1401543
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9803
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9803.html
http://www.cvedetails.com/cve/CVE-2016-9803/
Created attachment 705030 [details] dump file to reproduce the issue
Only SUSE:SLE-12:Update and SUSE:SLE-12-SP2:Update codestreams are affected. Older versions don't contain the code in question.

QA reproducer: Using the attached dump file I was NOT able to show symptoms of the issue on SLES-12-SP2. The supposed reproducer command is:

valgrind hcidump -a -r CVE-2016-9803

The out-of-bounds access does by chance not cause a crash or valgrind errors. The original reporter only reproduced it in a bluez version compiled with '-fsanitize=address'.
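The report above describes a table lookup indexed by a sub-event byte taken straight from the dump file, and the QA note explains why it was hard to observe. The following is an added illustration from a defender's stance, not bluez code and not the fix carried in the backported commit: the table contents, `le_meta_name()` and `le_meta_ev_dump_checked()` are constructed stand-ins for `ev_le_meta_str` and `le_meta_ev_dump()`, showing the bounds check that turns an out-of-range sub-event into an "Unknown" label instead of a read past the end of the array.

```c
#include <stdio.h>
#include <string.h>

/* Constructed lookup table in the style of the ev_le_meta_str array named in
 * the report. Only a few LE meta sub-event names are listed; the real bluez
 * table, its length and its exact strings are not reproduced here. Index 0
 * is a sentinel because no sub-event code 0 is defined. */
static const char *le_meta_str[] = {
    "Unknown",
    "LE Connection Complete",            /* sub-event 0x01 */
    "LE Advertising Report",             /* sub-event 0x02 */
    "LE Connection Update Complete",     /* sub-event 0x03 */
    "LE Read Remote Features Complete",  /* sub-event 0x04 */
    "LE Long Term Key Request",          /* sub-event 0x05 */
};
#define LE_META_STR_COUNT (sizeof(le_meta_str) / sizeof(le_meta_str[0]))

/* Bounds-checked name lookup. The defect the report describes amounts to
 * `return le_meta_str[subevent];` with no range check: the sub-event byte
 * comes straight from the dump file, so any value >= LE_META_STR_COUNT
 * reads whatever happens to lie after the table. */
const char *le_meta_name(unsigned int subevent)
{
    if (subevent == 0 || subevent >= LE_META_STR_COUNT)
        return "Unknown";
    return le_meta_str[subevent];
}

/* Formats one LE meta event record from a dump: byte 0 is the sub-event
 * code, the remaining bytes are the sub-event parameters. Returns the
 * snprintf length, or -1 for an empty record. Hypothetical stand-in for
 * the hcidump routine, not the real function. */
int le_meta_ev_dump_checked(const unsigned char *frame, size_t len,
                            char *out, size_t outlen)
{
    if (len == 0)
        return -1;
    unsigned int subevent = frame[0];
    return snprintf(out, outlen, "%s (0x%02x) plen %zu",
                    le_meta_name(subevent), subevent, len - 1);
}

int main(void)
{
    /* Constructed records: a well-formed advertising report header and a
     * malformed record whose sub-event byte lies far outside the table. */
    const unsigned char good[] = { 0x02, 0x01, 0x00, 0x01 };
    const unsigned char bad[]  = { 0xf7, 0x00 };
    char line[128];

    le_meta_ev_dump_checked(good, sizeof good, line, sizeof line);
    puts(line);
    le_meta_ev_dump_checked(bad, sizeof bad, line, sizeof line);
    puts(line);
    return 0;
}
```

The QA observation is consistent with how the two tools work: an over-read of a static array usually lands in adjacent mapped data, so it neither crashes nor trips valgrind's memcheck, which does not track the bounds of global objects, whereas AddressSanitizer places redzones around globals and reports the read immediately. When triaging a report like this one, a non-crashing reproducer under valgrind therefore does not rule the bug out.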
bugbot adjusting priority
Not in regularly maintained products, closing
(In reply to Johannes Segitz from comment #5) Error on my side. Please submit for SLE 12 SP2. Thank you
SUSE-SU-2022:3718-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1013885,1193237
CVE References: CVE-2016-9803,CVE-2019-8921
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): bluez-5.13-5.31.1
SUSE OpenStack Cloud 9 (src): bluez-5.13-5.31.1
SUSE Linux Enterprise Workstation Extension 12-SP5 (src): bluez-5.13-5.31.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): bluez-5.13-5.31.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): bluez-5.13-5.31.1
SUSE Linux Enterprise Server 12-SP5 (src): bluez-5.13-5.31.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): bluez-5.13-5.31.1
SUSE Linux Enterprise Server 12-SP3-BCL (src): bluez-5.13-5.31.1
SUSE Linux Enterprise Server 12-SP2-BCL (src): bluez-5.13-5.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
(In reply to Joey Lee from comment #16)
> (In reply to Gabriele Sonnu from comment #13)
> > Hi Joey, any update?
> > Our tracking shows a missing submission for SUSE:SLE-12-SP2:Update/bluez.
>
> I have checked SLE12-SP2:Update/bluez-5.13, it missed f25df405f2. I will
> backport it.
>
> On the other hand, looks that all bluez/changelog in different SLE version
> do NOT have bsc#1013885, CVE-2016-9803. I will add them to changelog and
> spec file.

The submitreq of the backported f25df405f2 to be merged into 12-SP2:Update/bluez-5.13:
https://build.suse.de/request/show/282906
(In reply to Joey Lee from comment #19)
> (In reply to Joey Lee from comment #16)
> > (In reply to Gabriele Sonnu from comment #13)
> > > Hi Joey, any update?
> > > Our tracking shows a missing submission for SUSE:SLE-12-SP2:Update/bluez.
> >
> > I have checked SLE12-SP2:Update/bluez-5.13, it missed f25df405f2. I will
> > backport it.
> >
> > On the other hand, looks that all bluez/changelog in different SLE version
> > do NOT have bsc#1013885, CVE-2016-9803. I will add them to changelog and
> > spec file.
>
> The submitreq of backported f25df405f2 be merged to 12-SP2:Update/bluez-5.13:
> https://build.suse.de/request/show/282906

The change has been merged. Setting this issue to fixed.