CVE-2022-50233

Summary

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name}

Both dev_name and short_name are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to determine if the resulting string needs to be truncated or not.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4c3dbb2c312c9fafbac30d98c523b8b1f3455d78 < dd7b8cdde098cf9f7c8de409b5b7bbb98f97be80affected
LinuxLinux4.14affected
LinuxLinux0 < 4.14unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References