TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
bfa7b5c98b
twx-linux/include/net/bluetooth
History
Luiz Augusto von Dentz 1bf4470a39 Bluetooth: SCO: Fix UAF on sco_sock_timeout 
conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock
so this checks if the conn->sk is still valid by checking if it part of
sco_sk_list.

Reported-by: syzbot+4c0d0c4cde787116d465@syzkaller.appspotmail.com
Tested-by: syzbot+4c0d0c4cde787116d465@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=4c0d0c4cde787116d465
Fixes: ba316be1b6a0 ("Bluetooth: schedule SCO timeouts with delayed_work")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2024-10-23 10:20:29 -04:00
..
bluetooth.h Bluetooth: SCO: Fix UAF on sco_sock_timeout 2024-10-23 10:20:29 -04:00
coredump.h Bluetooth: Add support for hci devcoredump 2023-04-23 21:57:59 -07:00
hci_core.h Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED 2024-09-10 13:06:37 -04:00
hci_mon.h Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name 2023-10-13 20:06:33 -07:00
hci_sock.h Bluetooth: hci_core: Prefer struct_size over open coded arithmetic 2024-07-14 21:33:29 -04:00
hci_sync.h Bluetooth: hci_sync: Introduce hci_cmd_sync_run/hci_cmd_sync_run_once 2024-08-30 17:56:34 -04:00
hci.h Bluetooth: Add a helper function to extract iso header 2024-09-10 12:41:10 -04:00
iso.h Bluetooth: ISO: Add broadcast support 2022-07-22 17:14:13 -07:00
l2cap.h move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
mgmt.h Bluetooth: Check for ISO support in controller 2023-08-11 11:31:23 -07:00
rfcomm.h tty: rfcomm: prefer struct_size over open coded arithmetic 2024-07-14 21:33:31 -04:00
sco.h Bluetooth: af_bluetooth: Make BT_PKT_STATUS generic 2023-08-11 11:49:16 -07:00