[Kernel-packages] [Bug 1949516] Re: require CAP_NET_ADMIN to attach N_HCI ldisc

Tue, 30 Nov 2021 11:27:37 -0800 

This bug was fixed in the package linux-oem-5.10 - 5.10.0-1052.54

---------------
linux-oem-5.10 (5.10.0-1052.54) focal; urgency=medium

  * focal/linux-oem-5.10: 5.10.0-1052.54 -proposed tracker (LP:
#1949843)

  * creat09 from ubuntu_ltp_syscalls and cve-2018-13405 from ubuntu_ltp/cve
    failed with XFS (LP: #1950239)
    - xfs: fix up non-directory creation in SGID directories

  * Let NVMe with HMB use native power control again (LP: #1950042)
    - nvme-pci: use attribute group for cmb sysfs
    - nvme-pci: cmb sysfs: one file, one value
    - nvme-pci: disable hmb on idle suspend
    - nvme: allow user toggling hmb usage

  * require CAP_NET_ADMIN to attach N_HCI ldisc (LP: #1949516)
    - Bluetooth: hci_ldisc: require CAP_NET_ADMIN to attach N_HCI ldisc

 -- Chia-Lin Kao (AceLan) <acelan....@canonical.com>  Tue, 23 Nov 2021
15:29:37 +0800

** Changed in: linux-oem-5.10 (Ubuntu Focal)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.10 in Ubuntu.
https://bugs.launchpad.net/bugs/1949516

Title:
  require CAP_NET_ADMIN to attach N_HCI ldisc

Status in linux package in Ubuntu:
  In Progress
Status in linux-oem-5.10 package in Ubuntu:
  Invalid
Status in linux source package in Bionic:
  Fix Released
Status in linux-oem-5.10 source package in Bionic:
  Invalid
Status in linux source package in Focal:
  Fix Released
Status in linux-oem-5.10 source package in Focal:
  Fix Released
Status in linux source package in Hirsute:
  Fix Released
Status in linux-oem-5.10 source package in Hirsute:
  Invalid
Status in linux source package in Impish:
  Fix Released
Status in linux-oem-5.10 source package in Impish:
  Invalid
Status in linux source package in Jammy:
  In Progress
Status in linux-oem-5.10 source package in Jammy:
  Invalid

Bug description:
  [Impact]
  Any unprivileged user can attach N_HCI ldisc and send packets coming from a
  virtual controller by using PTYs. This exposes attack surface on systems
  where bluetooth is not needed or even allow local attacks that would otherwise
  require physical proximity.

  [Test case]
  Try attaching N_HCI ldisc to a tty.

  ldattach HCI /dev/tty

  [Potential regression]
  Users who rely on programs using N_HCI line discipline in order to emulate or 
proxy a bluetooth controller will require privilege they may not have.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1949516/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to