]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: dfb3f9d) | patch
Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
authorLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
Tue, 8 Oct 2024 14:16:48 +0000 (10:16 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 14 Dec 2024 18:51:39 +0000 (19:51 +0100)
commit219960a48771b35a3857a491b955c31d6c33d581
tree02c711aa79aa6f18385fa4aacde7b3d6098f35e8tree
parentdfb3f9d3f602602de208da7bdcc0f6d5ee74af68commit | diff
Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet

[ Upstream commit 3fe288a8214e7dd784d1f9b7c9e448244d316b47 ]

This fixes not checking if skb really contains an ACL header otherwise
the code may attempt to access some uninitilized/invalid memory past the
valid skb->data.

Reported-by: syzbot+6ea290ba76d8c1eb1ac2@syzkaller.appspotmail.com
Tested-by: syzbot+6ea290ba76d8c1eb1ac2@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=6ea290ba76d8c1eb1ac2
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/bluetooth/hci_core.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git