]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 66b3bbe) | patch
Bluetooth: L2CAP: Fix potential user-after-free
authorLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
Wed, 1 Feb 2023 22:01:11 +0000 (14:01 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 11 Mar 2023 15:26:37 +0000 (16:26 +0100)
commitb2fde8cb2a25125111f2144604e0e7c0ebcc4bba
tree83f6d9eee967716b2ae9b01e4da8d1c52ee6c5f2tree | snapshot
parent66b3bbe6fbd8dd410868e5b53ac3944a934b9310commit | diff
Bluetooth: L2CAP: Fix potential user-after-free

[ Upstream commit df5703348813235874d851934e957c3723d71644 ]

This fixes all instances of which requires to allocate a buffer calling
alloc_skb which may release the chan lock and reacquire later which
makes it possible that the chan is disconnected in the meantime.

Fixes: a6a5568c03c4 ("Bluetooth: Lock the L2CAP channel when sending")
Reported-by: Alexander Coffin <alex.coffin@matician.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/bluetooth/l2cap_core.c diff | blob | blame | history
net/bluetooth/l2cap_sock.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git