code.ossystems Code Review - openembedded-core.git/commit
bluez: fix CVE-2020-0556
author Anuj Mittal <anuj.mittal@intel.com>
Fri, 13 Mar 2020 01:09:38 +0000 (09:09 +0800)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Fri, 13 Mar 2020 13:35:58 +0000 (13:35 +0000)
commit d598f8eee0741148416e8660e10c716654205cb5
tree d40028bc7f5530304e9fe941b9974f5ea92a7d3c
parent caf80e4e245132bdc3bbe219b567013f2c5d2f46
bluez: fix CVE-2020-0556

It was discovered that BlueZ's HID and HOGP profile implementations
don't specifically require bonding between the device and the host.

This creates an opportunity for a malicious device to connect to a
target host to either impersonate an existing HID device without
security or to cause an SDP or GATT service discovery to take place
which would allow HID reports to be injected to the input subsystem from
a non-bonded source.

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/bluez5/bluez5.inc
meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch [new file with mode: 0644]
meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch [new file with mode: 0644]