summaryrefslogtreecommitdiffstats
path: root/README.qemu
diff options
context:
space:
mode:
authorAnuj Mittal <anuj.mittal@intel.com>2020-03-13 09:09:38 +0800
committerAnuj Mittal <anuj.mittal@intel.com>2020-03-16 15:49:02 +0800
commitc940e4b858d6be28b198770768117ecc098fa0d3 (patch)
tree74bc3323cdcb07338adbe862131eec56b1dcbf92 /README.qemu
parent878817358eb7c25ffa48d10dde9475299674a96c (diff)
downloadopenembedded-core-contrib-c940e4b858d6be28b198770768117ecc098fa0d3.tar.gz
bluez: fix CVE-2020-0556
It was discovered that BlueZ's HID and HOGP profiles implementations don't specifically require bonding between the device and the host. This creates an opportunity for an malicious device to connect to a target host to either impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source. (From OE-Core rev: d598f8eee0741148416e8660e10c716654205cb5) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit bed169a07b04a7dc003958fa309e6ff761f85a72)
Diffstat (limited to 'README.qemu')
0 files changed, 0 insertions, 0 deletions