require CAP_NET_ADMIN to attach N_HCI ldisc
Bug #1949516 reported by Thadeu Lima de Souza Cascardo
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Fix Released | Low | Thadeu Lima de Souza Cascardo | |
Bionic | Fix Released | Low | Thadeu Lima de Souza Cascardo | |
Focal | Fix Released | Low | Thadeu Lima de Souza Cascardo | |
Hirsute | Fix Released | Low | Thadeu Lima de Souza Cascardo | |
Impish | Fix Released | Low | Thadeu Lima de Souza Cascardo | |
Jammy | Fix Released | Low | Thadeu Lima de Souza Cascardo | |
linux-oem-5.10 (Ubuntu) | Invalid | Undecided | Unassigned | |
Bionic | Invalid | Undecided | Unassigned | |
Focal | Fix Released | Undecided | Unassigned | |
Hirsute | Invalid | Undecided | Unassigned | |
Impish | Invalid | Undecided | Unassigned | |
Jammy | Invalid | Undecided | Unassigned | |
Bug Description
[Impact]
Any unprivileged user can attach N_HCI ldisc and send packets coming from a
virtual controller by using PTYs. This exposes attack surface on systems
where Bluetooth is not needed or even allows local attacks that would otherwise
require physical proximity.
[Test case]
Try attaching N_HCI ldisc to a tty.
ldattach HCI /dev/tty
[Potential regression]
Users who rely on programs using N_HCI line discipline in order to emulate or proxy a Bluetooth controller will require privilege they may not have.
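A programmatic form of the test case above, as an added example that is not part of the original bug report or of the kernel patch: run as an unprivileged user, it opens a PTY pair and attempts the N_HCI attach once. The function and verdict names are hypothetical, and the example assumes a patched kernel reports the refused attach as EPERM.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <unistd.h>
#ifndef N_HCI
#define N_HCI 15 /* Bluetooth HCI UART line discipline, as in <linux/tty.h> */
#endif

enum verdict { RESTRICTED, EXPOSED, INCONCLUSIVE };

/* Interpret a TIOCSETD attempt made by a process without CAP_NET_ADMIN. */
enum verdict classify(int rc, int err)
{
    if (rc == 0)
        return EXPOSED;      /* unprivileged attach worked: fix is missing */
    if (err == EPERM)
        return RESTRICTED;   /* assumption: errno used by the capability check */
    return INCONCLUSIVE;     /* e.g. EINVAL when N_HCI is not built or loaded */
}

/* Open a PTY pair and try to switch the slave side to N_HCI. */
enum verdict probe_n_hci(void)
{
    int ldisc = N_HCI, master, slave, rc, err;
    if (geteuid() == 0)      /* root normally holds CAP_NET_ADMIN: no signal */
        return INCONCLUSIVE;
    master = posix_openpt(O_RDWR | O_NOCTTY);
    if (master < 0)
        return INCONCLUSIVE;
    if (grantpt(master) < 0 || unlockpt(master) < 0 ||
        (slave = open(ptsname(master), O_RDWR | O_NOCTTY)) < 0) {
        close(master);
        return INCONCLUSIVE;
    }
    rc = ioctl(slave, TIOCSETD, &ldisc);
    err = errno;
    close(slave);            /* closing the tty also releases the ldisc */
    close(master);
    return classify(rc, err);
}

int main(void)
{
    static const char *names[] = { "RESTRICTED", "EXPOSED", "INCONCLUSIVE" };
    printf("N_HCI attach without CAP_NET_ADMIN: %s\n", names[probe_n_hci()]);
    return 0;
}
```

INCONCLUSIVE says nothing either way about the fix: the probe ran as root, could not open a PTY, or the attach failed for a reason other than EPERM.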
Changed in linux (Ubuntu Bionic): status: New → In Progress
Changed in linux (Ubuntu Focal): status: New → In Progress
Changed in linux (Ubuntu Jammy): status: New → In Progress
Changed in linux (Ubuntu Impish): status: New → In Progress
Changed in linux (Ubuntu Hirsute): status: New → In Progress
Changed in linux (Ubuntu Jammy): assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux (Ubuntu Impish): assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux (Ubuntu Hirsute): assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux (Ubuntu Focal): assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux (Ubuntu Bionic): assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux (Ubuntu Jammy): importance: Undecided → Low
Changed in linux (Ubuntu Impish): importance: Undecided → Low
Changed in linux (Ubuntu Hirsute): importance: Undecided → Low
Changed in linux (Ubuntu Focal): importance: Undecided → Low
Changed in linux (Ubuntu Bionic): importance: Undecided → Low
Changed in linux (Ubuntu Bionic): status: In Progress → Fix Committed
Changed in linux (Ubuntu Focal): status: In Progress → Fix Committed
Changed in linux (Ubuntu Hirsute): status: In Progress → Fix Committed
Changed in linux (Ubuntu Impish): status: In Progress → Fix Committed
Changed in linux-oem-5.10 (Ubuntu Bionic): status: New → Invalid
Changed in linux-oem-5.10 (Ubuntu Focal): status: New → Fix Committed
Changed in linux-oem-5.10 (Ubuntu Hirsute): status: New → Invalid
Changed in linux-oem-5.10 (Ubuntu Impish): status: New → Invalid
Changed in linux-oem-5.10 (Ubuntu Jammy): status: New → Invalid
Changed in linux (Ubuntu Focal): status: Fix Released → Fix Committed
Changed in linux (Ubuntu Focal): status: Fix Committed → Fix Released
This bug is awaiting verification that the linux/5.13.0-22.22 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-impish' to 'verification-done-impish'. If the problem still exists, change the tag 'verification-needed-impish' to 'verification-failed-impish'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!