ALAS2023-2023-262

Amazon Linux 2023 Security Advisory: ALAS-2023-262
Advisory Release Date: 2023-07-17 20:46 Pacific
Advisory Updated Date: 2023-07-20 00:55 Pacific
Severity: Low
Issue Overview:

A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability. (CVE-2022-3563)


Affected Packages:

bluez


Issue Correction:
Run dnf update bluez --releasever 2023.1.20230719 to update your system.

New Packages:
aarch64:
    bluez-libs-devel-debuginfo-5.62-2.amzn2023.0.4.aarch64
    bluez-hid2hci-debuginfo-5.62-2.amzn2023.0.4.aarch64
    bluez-hid2hci-5.62-2.amzn2023.0.4.aarch64
    bluez-libs-debuginfo-5.62-2.amzn2023.0.4.aarch64
    bluez-mesh-5.62-2.amzn2023.0.4.aarch64
    bluez-cups-debuginfo-5.62-2.amzn2023.0.4.aarch64
    bluez-debugsource-5.62-2.amzn2023.0.4.aarch64
    bluez-obexd-debuginfo-5.62-2.amzn2023.0.4.aarch64
    bluez-mesh-debuginfo-5.62-2.amzn2023.0.4.aarch64
    bluez-cups-5.62-2.amzn2023.0.4.aarch64
    bluez-5.62-2.amzn2023.0.4.aarch64
    bluez-deprecated-5.62-2.amzn2023.0.4.aarch64
    bluez-libs-devel-5.62-2.amzn2023.0.4.aarch64
    bluez-libs-5.62-2.amzn2023.0.4.aarch64
    bluez-obexd-5.62-2.amzn2023.0.4.aarch64
    bluez-debuginfo-5.62-2.amzn2023.0.4.aarch64
    bluez-deprecated-debuginfo-5.62-2.amzn2023.0.4.aarch64

src:
    bluez-5.62-2.amzn2023.0.4.src

x86_64:
    bluez-hid2hci-debuginfo-5.62-2.amzn2023.0.4.x86_64
    bluez-debuginfo-5.62-2.amzn2023.0.4.x86_64
    bluez-mesh-5.62-2.amzn2023.0.4.x86_64
    bluez-mesh-debuginfo-5.62-2.amzn2023.0.4.x86_64
    bluez-libs-debuginfo-5.62-2.amzn2023.0.4.x86_64
    bluez-cups-5.62-2.amzn2023.0.4.x86_64
    bluez-libs-devel-5.62-2.amzn2023.0.4.x86_64
    bluez-obexd-debuginfo-5.62-2.amzn2023.0.4.x86_64
    bluez-obexd-5.62-2.amzn2023.0.4.x86_64
    bluez-libs-5.62-2.amzn2023.0.4.x86_64
    bluez-5.62-2.amzn2023.0.4.x86_64
    bluez-hid2hci-5.62-2.amzn2023.0.4.x86_64
    bluez-deprecated-5.62-2.amzn2023.0.4.x86_64
    bluez-libs-devel-debuginfo-5.62-2.amzn2023.0.4.x86_64
    bluez-debugsource-5.62-2.amzn2023.0.4.x86_64
    bluez-cups-debuginfo-5.62-2.amzn2023.0.4.x86_64
    bluez-deprecated-debuginfo-5.62-2.amzn2023.0.4.x86_64

Additional References

Red Hat: CVE-2022-3563

Mitre: CVE-2022-3563