| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <164855401131.3735.13754664491252004228.git-patchwork-notify@kernel.org>
Date: Tue, 29 Mar 2022 11:40:11 +0000
From: patchwork-bot+bluetooth@...nel.org
To: Ying Hsu <yinghsu@...omium.org>
Cc: marcel@...tmann.org, chromeos-bluetooth-upstreaming@...omium.org,
syzbot+2bef95d3ab4daa10155b@...kaller.appspotmail.com,
josephsih@...omium.org, davem@...emloft.net,
desmondcheongzx@...il.com, kuba@...nel.org,
johan.hedberg@...il.com, luiz.dentz@...il.com, pabeni@...hat.com,
linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org,
netdev@...r.kernel.org
Subject: Re: [PATCH v2] Bluetooth: fix dangling sco_conn and use-after-free in
sco_sock_timeout
Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Marcel Holtmann <marcel@...tmann.org>:
On Sat, 26 Mar 2022 07:09:28 +0000 you wrote:
> Connecting the same socket twice consecutively in sco_sock_connect()
> could lead to a race condition where two sco_conn objects are created
> but only one is associated with the socket. If the socket is closed
> before the SCO connection is established, the timer associated with the
> dangling sco_conn object won't be canceled. As the sock object is being
> freed, the use-after-free problem happens when the timer callback
> function sco_sock_timeout() accesses the socket. Here's the call trace:
>
> [...]
Here is the summary with links:
- [v2] Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
https://git.kernel.org/bluetooth/bluetooth-next/c/300cf0bfb43e
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
Powered by blists - more mailing lists