Updated: 2025-12-01 03:48:23.710888
Description:
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Fix not validating setsockopt user input syzbot reported rfcomm_sock_setsockopt_old() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt_old net/bluetooth/rfcomm/sock.c:632 [inline] BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt+0x893/0xa70 net/bluetooth/rfcomm/sock.c:673 Read of size 4 at addr ffff8880209a8bc3 by task syz-executor632/5064
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.1 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.1 | HIGH | Released | CLSA-2025:1759866837 | 2025-10-08 04:59:28 | Ignored due to low severity |
| CentOS 6 ELS | kernel | 2.6.32 | 7.1 | HIGH | Not Vulnerable | 2025-09-26 12:37:01 | ||
| CentOS 7 ELS | kernel | 3.10.0 | 7.1 | HIGH | Released | CLSA-2025:1759431860 | 2025-10-15 20:35:28 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.1 | HIGH | In Progress | 2025-11-20 21:33:04 | ||
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.1 | HIGH | In Progress | 2025-11-13 16:48:43 | ||
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.1 | HIGH | In Progress | 2025-10-28 12:03:52 | ||
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.1 | HIGH | Ignored | 2025-11-07 23:32:39 | CL7 support is limited | |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 7.1 | HIGH | Not Vulnerable | 2025-11-02 08:17:10 | ||
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.1 | HIGH | Released | CLSA-2025:1759431869 | 2025-10-02 23:15:41 | |
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 7.1 | HIGH | Released | CLSA-2025:1764085382 | 2025-11-25 21:48:18 |