| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id:
<176132700750.4002741.10364505901519162594.git-patchwork-notify@kernel.org>
Date: Fri, 24 Oct 2025 17:30:07 +0000
From: patchwork-bot+bluetooth@...nel.org
To: Raphael Pinsonneault-Thibeault <rpthibeault@...il.com>
Cc: marcel@...tmann.org, johan.hedberg@...il.com, luiz.dentz@...il.com,
linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org,
syzbot+a9a4bedfca6aa9d7fa24@...kaller.appspotmail.com,
linux-kernel-mentees@...ts.linux.dev, skhan@...uxfoundation.org,
david.hunter.linux@...il.com, khalid@...nel.org
Subject: Re: [PATCH v2] Bluetooth: hci_event: validate skb length for unknown
CC
opcode
Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@...el.com>:
On Fri, 24 Oct 2025 12:29:10 -0400 you wrote:
> In hci_cmd_complete_evt(), if the command complete event has an unknown
> opcode, we assume the first byte of the remaining skb->data contains the
> return status. However, parameter data has previously been pulled in
> hci_event_func(), which may leave the skb empty. If so, using skb->data[0]
> for the return status uses un-init memory.
>
> The fix is to check skb->len before using skb->data.
>
> [...]
Here is the summary with links:
- [v2] Bluetooth: hci_event: validate skb length for unknown CC opcode
https://git.kernel.org/bluetooth/bluetooth-next/c/a91f1b634866
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
Powered by blists - more mailing lists