An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.
References
Link | Resource |
---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.1 | Mailing List Patch Release Notes Vendor Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51c19bf3d5cfaa66571e4b88ba2a6f6295311101 | Patch Vendor Advisory |
https://sites.google.com/view/syzscope/kasan-slab-out-of-bounds-read-in-hci_extended_inquiry_result_evt | Patch Third Party Advisory |
https://syzkaller.appspot.com/bug?id=4bf11aa05c4ca51ce0df86e500fce486552dc8d2 | Patch Third Party Advisory |
https://syzkaller.appspot.com/text?tag=ReproC&x=15ca2f46900000 | Exploit Third Party Advisory |
Configurations
History
06 Jul 2021, 15:36
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://syzkaller.appspot.com/bug?id=4bf11aa05c4ca51ce0df86e500fce486552dc8d2 - Patch, Third Party Advisory | |
References | (MISC) https://sites.google.com/view/syzscope/kasan-slab-out-of-bounds-read-in-hci_extended_inquiry_result_evt - Patch, Third Party Advisory | |
References | (MISC) https://syzkaller.appspot.com/text?tag=ReproC&x=15ca2f46900000 - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.6
v3 : 7.1 |
14 Jun 2021, 18:57
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://sites.google.com/view/syzscope/kasan-slab-out-of-bounds-read-in-hci_extended_inquiry_result_evt - Exploit, Patch, Third Party Advisory | |
References | (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.1 - Mailing List, Patch, Release Notes, Vendor Advisory | |
References | (MISC) https://syzkaller.appspot.com/text?tag=ReproC&x=15ca2f46900000 - Third Party Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51c19bf3d5cfaa66571e4b88ba2a6f6295311101 - Patch, Vendor Advisory | |
References | (MISC) https://syzkaller.appspot.com/bug?id=4bf11aa05c4ca51ce0df86e500fce486552dc8d2 - Exploit, Third Party Advisory | |
CWE | CWE-125 | |
CVSS |
v2 : v3 : |
v2 : 4.9
v3 : 5.5 |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
07 Jun 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-07 20:15
Updated : 2023-12-10 13:55
NVD link : CVE-2020-36386
Mitre link : CVE-2020-36386
CVE.ORG link : CVE-2020-36386
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-125
Out-of-bounds Read