** Changed in: pulseaudio (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/2078822
Title:
With Bluetooth headset connect, a malicious program can crash
Pulseaudio on Ubuntu16.04
Status in pulseaudio package in Ubuntu:
Confirmed
Bug description:
On Ubuntu 16.04, a malicious app could abuse a Bluetooth module
configuration for Ubuntu Touch to crash Pulseaudio:
```
pactl unload-module module-bluez5-discover
pactl load-module module-null-sink sink_name=sink.fake.sco rate=8000
channels=1
pactl load-module module-null-source source_name=source.fake.sco rate=8000
channels=1
pactl load-module module-bluez5-discover sco_sink=sink.fake.sco
sco_source=source.fake.sco
# Now, connect a Bluetooth headset, then:
pactl list cards # Make note of Bluetooth card name.
pactl set card-profile bluez_card.<address> headset_head_unit
pactl set-sink-volume sink.fake.sco 69
```
An app could repeatedly do this, preventing audio from working as long
as a Bluetooth headset is still connected.
This is discovered while working on a similar patch on UBports' Ubuntu
Touch 20.04. Admittedly, I was not able to actually test this on
Ubuntu 16.04 + ESM proper yet, but a similar set of commands is tested
to be able to crash Pulseaudio on Ubuntu Touch 20.04, which carry a
forward-ported version of the SCO-over-PCM patch.
A patch which should fix this issue is attached. This is a problem in
Ubuntu-specific SCO-over-PCM patch, and thus is not applicable in
other distros.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2078822/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
