Bluetooth: SCO: Fix UAF on sco_sock_timeout (1bf4470a) · Commits · linux-arm / linux-anshuman · GitLab

⚠️ Gitlab.arm.com will be in read-only mode from 19th September 1700 to 22nd September 0900 BST. For more details refer https://gitlab.arm.com/documentation/data-migration

Commit 1bf4470a authored Oct 22, 2024 by Luiz Augusto von Dentz

Bluetooth: SCO: Fix UAF on sco_sock_timeout

conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock
so this checks if the conn->sk is still valid by checking if it part of
sco_sk_list.

Reported-by: <syzbot+4c0d0c4cde787116d465@syzkaller.appspotmail.com>
Tested-by: <syzbot+4c0d0c4cde787116d465@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=4c0d0c4cde787116d465

Fixes: ba316be1 ("Bluetooth: schedule SCO timeouts with delayed_work")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

parent 989fa517

Hide whitespace changes

Inline Side-by-side

Please register or to comment