Date:   Sun, 21 Jul 2019 12:05:01 +0200
From:   CIJOML CIJOMLovic <cijoml@...il.com>
To:     marcel@...tmann.org, YangX92@...mail.com,
        linux-kernel@...r.kernel.org
Subject: Kernel 4.19.42 and newer have broke my Bluetooth keyboard/mouse support

Hello guys,

I own a very old Logitech diNovo media set with Keyboard, Mouse MX1000
for Bluetooth and Mediapad.
Since 4.19.41 I was able to use it without problem, but kernel 4.19.42
introduced two patches, one of which probably broke my Bluetooth
setup support.
According to the changelog those might be:

commit 38f092c41cebaff589e88cc22686b289a6840559
Author: Marcel Holtmann <marcel@...tmann.org>
Date:   Wed Apr 24 22:19:17 2019 +0200

    Bluetooth: Align minimum encryption key size for LE and BR/EDR connections

    commit d5bb334a8e171b262e48f378bd2096c0ea458265 upstream.

    The minimum encryption key size for LE connections is 56 bits and to
    align LE with BR/EDR, enforce 56 bits of minimum encryption key size for
    BR/EDR connections as well.

    Signed-off-by: Marcel Holtmann <marcel@...tmann.org>
    Signed-off-by: Johan Hedberg <johan.hedberg@...el.com>
    Cc: stable@...r.kernel.org
    Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

commit c6d1f9b4b2cb768e29f5d44af143f25ad89062b1
Author: Young Xiao <YangX92@...mail.com>
Date:   Fri Apr 12 15:24:30 2019 +0800

    Bluetooth: hidp: fix buffer overflow

    commit a1616a5ac99ede5d605047a9012481ce7ff18b16 upstream.

    Struct ca is copied from userspace. It is not checked whether the "name"
    field is NULL terminated, which allows local users to obtain potentially
    sensitive information from kernel stack memory, via a HIDPCONNADD command.

    This vulnerability is similar to CVE-2011-1079.

    Signed-off-by: Young Xiao <YangX92@...mail.com>
    Signed-off-by: Marcel Holtmann <marcel@...tmann.org>
    Cc: stable@...r.kernel.org
    Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

My current working setup with 4.19.41 is as follows:

root@...nkpad:/home/cijoml# hcitool con
Connections:
    > ACL 00:07:61:49:2A:6A handle 69 state 1 lm MASTER AUTH ENCRYPT
    > ACL 00:07:61:3E:1C:71 handle 71 state 1 lm MASTER AUTH ENCRYPT
    > ACL 00:07:61:49:E0:3D handle 68 state 1 lm MASTER

root@...nkpad:/home/cijoml# hcitool info 00:07:61:3E:1C:71
Requesting information ...
    BD Address:  00:07:61:3E:1C:71
    OUI Company: Logitech Europe SA (00-07-61)
    Device Name: Logitech diNovo Keyboard
    LMP Version: 1.2 (0x2) LMP Subversion: 0x545
    Manufacturer: Cambridge Silicon Radio (10)
    Features: 0xfc 0xff 0x0f 0x00 0x08 0x08 0x00 0x00
        <encryption> <slot offset> <timing accuracy> <role switch>
        <hold mode> <sniff mode> <park state> <RSSI> <channel quality>
        <SCO link> <HV2 packets> <HV3 packets> <u-law log> <A-law log>
        <CVSD> <paging scheme> <power control> <transparent SCO>
        <AFH cap. slave> <AFH cap. master>
root@...nkpad:/home/cijoml# hcitool info 00:07:61:49:E0:3D
Requesting information ...
    BD Address:  00:07:61:49:E0:3D
    OUI Company: Logitech Europe SA (00-07-61)
    Device Name: Logitech MX1000 mouse
    LMP Version: 1.2 (0x2) LMP Subversion: 0x545
    Manufacturer: Cambridge Silicon Radio (10)
    Features: 0xfc 0xff 0x0f 0x00 0x08 0x08 0x00 0x00
        <encryption> <slot offset> <timing accuracy> <role switch>
        <hold mode> <sniff mode> <park state> <RSSI> <channel quality>
        <SCO link> <HV2 packets> <HV3 packets> <u-law log> <A-law log>
        <CVSD> <paging scheme> <power control> <transparent SCO>
        <AFH cap. slave> <AFH cap. master>
root@...nkpad:/home/cijoml# hcitool info 00:07:61:49:2A:6A
Requesting information ...
    BD Address:  00:07:61:49:2A:6A
    OUI Company: Logitech Europe SA (00-07-61)
    Device Name: Logitech Mediapad
    LMP Version: 1.2 (0x2) LMP Subversion: 0x545
    Manufacturer: Cambridge Silicon Radio (10)
    Features: 0xfc 0xff 0x0f 0x00 0x08 0x08 0x00 0x00
        <encryption> <slot offset> <timing accuracy> <role switch>
        <hold mode> <sniff mode> <park state> <RSSI> <channel quality>
        <SCO link> <HV2 packets> <HV3 packets> <u-law log> <A-law log>
        <CVSD> <paging scheme> <power control> <transparent SCO>
        <AFH cap. slave> <AFH cap. master>


Can anybody please look at this and fix the support for my Bluetooth
set so I do not need to throw it into the dustbin?

Thank you in advance

Michal
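
Added example, not part of the original message and not the kernel's own code: a userspace model of the unterminated "name" field described in the quoted hidp commit message, with the unchecked use beside a hardened one. The struct layout, the 128-byte field size, the function names and the "STACK-SECRET" filler are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN  128                 /* assumed size of the "name" field */
#define FRAME_LEN (NAME_LEN + 16)

/* Constructed stand-in for kernel stack memory: bytes [0, NAME_LEN) are the
 * name field, the bytes after it are unrelated neighbouring data. */
struct frame { char bytes[FRAME_LEN]; };

/* Models copying the request from userspace: nothing adds a terminator. */
static void fill_frame(struct frame *f, const char *src, size_t len)
{
    memset(f->bytes, 0, sizeof(f->bytes));
    memcpy(f->bytes + NAME_LEN, "STACK-SECRET", 12);
    memcpy(f->bytes, src, len > NAME_LEN ? NAME_LEN : len);
}

/* Before: the field is used as a C string exactly as received. */
static size_t used_len_unchecked(const struct frame *f)
{
    return strlen(f->bytes);
}

/* After: terminate inside the field before any string operation. */
static size_t used_len_hardened(struct frame *f)
{
    f->bytes[NAME_LEN - 1] = '\0';
    return strlen(f->bytes);
}

/* Runs one case with a constructed name that fills all NAME_LEN bytes. */
static size_t demo(int hardened)
{
    char name[NAME_LEN];
    struct frame f;

    memset(name, 'A', sizeof(name));
    fill_frame(&f, name, sizeof(name));
    return hardened ? used_len_hardened(&f) : used_len_unchecked(&f);
}

int main(void)
{
    printf("unchecked: %zu bytes read as name\n", demo(0));
    printf("hardened:  %zu bytes read as name\n", demo(1));
    return 0;
}
```

In the unchecked case the string runs past the field into the neighbouring bytes; forcing the last byte of the field to NUL keeps every later string operation inside it.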
