Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 823802 (CVE-2021-43400)

Summary: <net-wireless/bluez-5.62: Use-after-free (CVE-2021-43400)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: pacho
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 826886    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-11-15 07:39:14 UTC 
Description:
"An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call."
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-11-15 07:39:25 UTC 
Please stable when ready, thanks!
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-11-26 05:08:50 UTC 
Please cleanup
Comment 3 Pacho Ramos gentoo-dev 2022-03-26 19:20:44 UTC 
they were cleaned some time ago
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-26 21:48:32 UTC 
Yep, thanks! Low impact as it requires a client to be connected (so likely trusted), so no GLSA. All done!