]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c55a4c5) | patch
Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
authorLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
Tue, 8 Oct 2024 14:16:48 +0000 (10:16 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 14 Dec 2024 19:03:56 +0000 (20:03 +0100)
commit93a6160dc198ffe5786da8bd8588cfd17f53b29a
treed935abf0607a3259660d23ed1a94fa77db56fe8btree
parentc55a4c5a04bae40dcdc1e1c19d8eb79a06fb3397commit | diff
Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet

[ Upstream commit 3fe288a8214e7dd784d1f9b7c9e448244d316b47 ]

This fixes not checking if skb really contains an ACL header otherwise
the code may attempt to access some uninitilized/invalid memory past the
valid skb->data.

Reported-by: syzbot+6ea290ba76d8c1eb1ac2@syzkaller.appspotmail.com
Tested-by: syzbot+6ea290ba76d8c1eb1ac2@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=6ea290ba76d8c1eb1ac2
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/bluetooth/hci_core.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git