From https://bugzilla.redhat.com/show_bug.cgi?id=1403881: An out-of-bounds stack read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. Reproducer can be found in following report: https://www.spinics.net/lists/linux-bluetooth/msg68898.html From https://bugzilla.redhat.com/show_bug.cgi?id=1403879: A heap-based buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. PoC can be found in following report: https://www.spinics.net/lists/linux-bluetooth/msg68892.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Upstream unable to reproduce and no PoCs available.