From: Roman Smirnov <r.smirnov@omp.ru> stable inclusion from stable-v6.16.10 commit 3237da12a388d972c15d3ed4ce07c015309709ad category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/ID229D CVE: CVE-2025-39981 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=... -------------------------------- Remove the cmd pointer NULL check in mgmt_set_connectable_complete() because it occurs earlier in set_connectable(). This check is also unnecessary because the pointer is dereferenced just before it. Found by Linux Verification Center (linuxtesting.org) with Svace. Signed-off-by: Roman Smirnov <r.smirnov@omp.ru> Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Jiacheng Yu <yujiacheng3@huawei.com> --- net/bluetooth/mgmt.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 205aadf01513..04b2a97c68e2 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -1694,8 +1694,7 @@ static void mgmt_set_connectable_complete(struct hci_dev *hdev, void *data, new_settings(hdev, cmd->sk); done: - if (cmd) - mgmt_pending_remove(cmd); + mgmt_pending_remove(cmd); hci_dev_unlock(hdev); } -- 2.43.0