Bugzilla – Bug 1194704
VUL-0: CVE-2022-0204: bluez: heap-based buffer overflow in the implementation of the gatt protocol
Last modified: 2024-05-20 10:04:31 UTC

rh#2039807
A heap-based buffer overflow was found in BlueZ in the implementation of the gatt protocol due to an integer overflow.
Upstream commit:
https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
Reference:
https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
https://bugzilla.redhat.com/show_bug.cgi?id=2039807
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0204

I think this commit introduced the bug [0], and was introduced in v5.39.
I think that the following codestreams are affected:
- openSUSE:Factory 5.62
- openSUSE:Leap:15.3:Update 5.55
- SUSE:SLE-15:Update 5.48
- SUSE:SLE-15-SP3:Update 5.55
- SUSE:SLE-15-SP2:Update 5.48
[0] https://github.com/bluez/bluez/commit/55bcfbc309ed0c91190aeabd3ba03d20c7da1470

Al, could you have a look and work on the needed submissions?

(In reply to Alexander Bergmann from comment #2)
> Al, could you have a look and work on the needed submissions?
Hi Al, could you please have a look at the needed submissions? :)

Hi Thomas,
(In reply to Thomas Leroy from comment #3)
> (In reply to Alexander Bergmann from comment #2)
> > Al, could you have a look and work on the needed submissions?
>
> Hi Al, could you please have a look at the needed submissions? :)
Thanks for your information. I will backport the patch.

(In reply to Thomas Leroy from comment #1)
> I think this commit introduced the bug [0], and was introduced in v5.39. I
> think that the following codestreams are affected:
> - openSUSE:Factory 5.62
> - openSUSE:Leap:15.3:Update 5.55
> - SUSE:SLE-15:Update 5.48
> - SUSE:SLE-15-SP3:Update 5.55
> - SUSE:SLE-15-SP2:Update 5.48
>
> [0] https://github.com/bluez/bluez/commit/55bcfbc309ed0c91190aeabd3ba03d20c7da1470
I have backported the 591c546c5 bluez patch to the following projects:
- openSUSE:Factory 5.64 [5.64 includes 591c546c53]
- openSUSE:Leap:15.3:Update 5.55 [inherit from SLE15-SP3]
- SUSE:SLE-15:Update 5.48 [backported]
- SUSE:SLE-15-SP3:Update 5.55 [backported]
- SUSE:SLE-15-SP2:Update 5.48 [backported]
Those submit requests are waiting for approval.

(In reply to Joey Lee from comment #6)
[...snip]
>
> I have backported the 591c546c5 bluez patch to the following projects:
>
> - openSUSE:Factory 5.64 [5.64 includes 591c546c53]
> - openSUSE:Leap:15.3:Update 5.55 [inherit from SLE15-SP3]
> - SUSE:SLE-15:Update 5.48 [backported]
> - SUSE:SLE-15-SP3:Update 5.55 [backported]
> - SUSE:SLE-15-SP2:Update 5.48 [backported]
>
> Those submit requests are waiting for approval.
Backported bluez patch has been merged:
SLE15 Update
https://build.suse.de/request/show/277719
SLE15-SP2 Update
https://build.suse.de/request/show/277717
SLE15-SP3 Update
https://build.suse.de/request/show/277714
Reassign to security team.

SUSE-SU-2022:2837-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1194704
CVE References: CVE-2022-0204
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src): bluez-5.48-150000.5.31.1
SUSE Linux Enterprise Server for SAP 15 (src): bluez-5.48-150000.5.31.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src): bluez-5.48-150000.5.31.1
SUSE Linux Enterprise Server 15-SP1-BCL (src): bluez-5.48-150000.5.31.1
SUSE Linux Enterprise Server 15-LTSS (src): bluez-5.48-150000.5.31.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): bluez-5.48-150000.5.31.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): bluez-5.48-150000.5.31.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): bluez-5.48-150000.5.31.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): bluez-5.48-150000.5.31.1
SUSE Enterprise Storage 6 (src): bluez-5.48-150000.5.31.1
SUSE CaaS Platform 4.0 (src): bluez-5.48-150000.5.31.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2022:2883-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1194704
CVE References: CVE-2022-0204
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): bluez-5.55-150300.3.11.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src): bluez-5.55-150300.3.11.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): bluez-5.55-150300.3.11.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): bluez-5.55-150300.3.11.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2022:2948-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1193227,1194704
CVE References: CVE-2019-8922,CVE-2022-0204
JIRA References:
Sources used:
SUSE Manager Server 4.1 (src): bluez-5.48-150200.13.8.1
SUSE Manager Retail Branch Server 4.1 (src): bluez-5.48-150200.13.8.1
SUSE Manager Proxy 4.1 (src): bluez-5.48-150200.13.8.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src): bluez-5.48-150200.13.8.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src): bluez-5.48-150200.13.8.1
SUSE Linux Enterprise Server 15-SP2-BCL (src): bluez-5.48-150200.13.8.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): bluez-5.48-150200.13.8.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): bluez-5.48-150200.13.8.1
SUSE Enterprise Storage 7 (src): bluez-5.48-150200.13.8.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

(In reply to Joey Lee from comment #7)
> (In reply to Joey Lee from comment #6)
> [...snip]
> >
> > I have backported the 591c546c5 bluez patch to the following projects:
> >
> > - openSUSE:Factory 5.64 [5.64 includes 591c546c53]
> > - openSUSE:Leap:15.3:Update 5.55 [inherit from SLE15-SP3]
> > - SUSE:SLE-15:Update 5.48 [backported]
> > - SUSE:SLE-15-SP3:Update 5.55 [backported]
> > - SUSE:SLE-15-SP2:Update 5.48 [backported]
> >
> > Those submit requests are waiting for approval.
>
> Backported bluez patch has been merged:
>
> SLE15 Update
> https://build.suse.de/request/show/277719
>
> SLE15-SP2 Update
> https://build.suse.de/request/show/277717
>
> SLE15-SP3 Update
> https://build.suse.de/request/show/277714
>
> Reassign to security team.
Thank you very much for your work Joey. I think SUSE:SLE-15-SP4:Update also needs a fix...

(In reply to Thomas Leroy from comment #12)
> (In reply to Joey Lee from comment #7)
[...snip]
> > Backported bluez patch has been merged:
> >
> > SLE15 Update
> > https://build.suse.de/request/show/277719
> >
> > SLE15-SP2 Update
> > https://build.suse.de/request/show/277717
> >
> > SLE15-SP3 Update
> > https://build.suse.de/request/show/277714
> >
> > Reassign to security team.
>
> Thank you very much for your work Joey. I think SUSE:SLE-15-SP4:Update also
> needs a fix...
Thanks for Thomas's reminder. I have submitted a request to 15-SP4/bluez:
https://build.suse.de/request/show/279190

(In reply to Joey Lee from comment #13)
> (In reply to Thomas Leroy from comment #12)
> > (In reply to Joey Lee from comment #7)
> [...snip]
> > > Backported bluez patch has been merged:
> > >
> > > SLE15 Update
> > > https://build.suse.de/request/show/277719
> > >
> > > SLE15-SP2 Update
> > > https://build.suse.de/request/show/277717
> > >
> > > SLE15-SP3 Update
> > > https://build.suse.de/request/show/277714
> > >
> > > Reassign to security team.
> >
> > Thank you very much for your work Joey. I think SUSE:SLE-15-SP4:Update also
> > needs a fix...
>
> Thanks for Thomas's reminder. I have submitted a request to 15-SP4/bluez:
>
> https://build.suse.de/request/show/279190
The change has been merged to 15-SP4.
Reset assigner.

SUSE-SU-2022:3247-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1194704
CVE References: CVE-2022-0204
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): bluez-5.62-150400.4.5.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src): bluez-5.62-150400.4.5.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src): bluez-5.62-150400.4.5.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): bluez-5.62-150400.4.5.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

All done, closing.