CVE-2025-23050: QLowEnergyController on Linux has a BlueZ DBus and a Bluetooth Kernel API backend. When using the Bluetooth Kernel API backend of QLowEnergyController, QtBluetooth creates a Bluetooth L2CAP socket to establish a connection with an external Bluetooth Low Energy device. After that, the external device can send malformed Bluetooth ATT commands to trigger read past the end of the buffer and division by zero errors. The problem is relevant for both central and peripheral roles.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90489eceafb66c962bd4f1b48624756590b9a234 commit 90489eceafb66c962bd4f1b48624756590b9a234 Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2025-01-22 09:51:51 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2025-01-22 09:54:31 +0000 dev-qt/qtconnectivity: fix CVE-2025-23050 Considered waiting for 6.8.2 given release date is "tomorrow", but odds are it'll be delayed and it'll let us stabilize this separately either way. Closes: https://bugs.gentoo.org/948573 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> .../qtconnectivity-6.8.1-CVE-2025-23050.patch | 210 +++++++++++++++++++++ .../qtconnectivity/qtconnectivity-6.8.1-r1.ebuild | 89 +++++++++ 2 files changed, 299 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29c9a13aced01abfb2f9de90554940d0f7323b29 commit 29c9a13aced01abfb2f9de90554940d0f7323b29 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2025-01-22 17:11:26 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2025-01-22 23:51:48 +0000 profiles: Mask dev-qt/qtbluetooth:5 for removal Bug: https://bugs.gentoo.org/948573 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> profiles/package.mask | 4 ++++ 1 file changed, 4 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c419842ec21a5915270825e2664e4421d30e8f69 commit c419842ec21a5915270825e2664e4421d30e8f69 Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2025-01-27 23:37:14 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2025-01-27 23:37:38 +0000 dev-qt/qtconnectivity: drop 6.8.1 Bug: https://bugs.gentoo.org/948573 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> dev-qt/qtconnectivity/qtconnectivity-6.8.1.ebuild | 85 ----------------------- 1 file changed, 85 deletions(-)
I might've missed some important URL detailing this but since the previous version has been deleted and the new version hard masked... What's the upgrade/use alternative for those already using bluetooth on Plasma in the meantime? Boot into a different OS/distro/desktop until Gentoo catches up? Hard unmask? Thanks :)
Input not understood at all.
(In reply to Rick Harris from comment #4) > I might've missed some important URL detailing this but since the previous > version has been deleted and the new version hard masked... dev-qt/qtconnectivity:6 with USE=bluetooth is the new one and it's not masked
(In reply to Ionen Wolkens from comment #6) > (In reply to Rick Harris from comment #4) > > I might've missed some important URL detailing this but since the previous > > version has been deleted and the new version hard masked... > dev-qt/qtconnectivity:6 with USE=bluetooth is the new one and it's not masked ...and as the topic says, the vulnerability is fixed in qtconnectivity-6.8.1-r1 (stable) and 6.8.2 (~testing)
Apologies, thanks for clarification, am a bit slow of late :p
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b530de433dbb89776c5874f6ad1ca5a0c2dc47f5 commit b530de433dbb89776c5874f6ad1ca5a0c2dc47f5 Author: Arthur Zamarin <arthurzam@gentoo.org> AuthorDate: 2025-02-22 14:33:12 +0000 Commit: Arthur Zamarin <arthurzam@gentoo.org> CommitDate: 2025-02-22 14:33:12 +0000 dev-qt/qtbluetooth: treeclean Bug: https://bugs.gentoo.org/948573 Closes: https://bugs.gentoo.org/853064 (pkgremoved) Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org> dev-qt/qtbluetooth/Manifest | 2 -- dev-qt/qtbluetooth/metadata.xml | 20 ---------------- dev-qt/qtbluetooth/qtbluetooth-5.15.16.ebuild | 34 --------------------------- profiles/package.mask | 4 ---- 4 files changed, 60 deletions(-)
