CVE-2022-50233

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name}

Both dev_name and short_name are not guaranteed to be NULL terminated so
this instead use strnlen and then attempt to determine if the resulting
string needs to be truncated or not.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
6.1.137-1
fixed
bookworm (security)
6.1.140-1
fixed
trixie (security)
6.12.31-1
fixed
forky
6.12.38-1
fixed
sid
6.12.38-1
fixed
trixie
6.12.38-1
fixed
References
https://git.kernel.org/stable/c/dd7b8cdde098cf9f7c8de409b5b7bbb98f97be80