From: Sungwoo Kim <iam@sung-woo.kim>

stable inclusion
from stable-v6.6.31
commit 1f7ebb69c1d65732bcac2fda9d15421f76f01e81
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9RMQS
CVE: CVE-2024-36011
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
[ Upstream commit d2706004a1b8b526592e823d7e52551b518a7941 ]
Fix potential null-ptr-deref in hci_le_big_sync_established_evt().
Fixes: f777d8827817 (Bluetooth: ISO: Notify user space about failed bis connections)
Signed-off-by: Sungwoo Kim <iam@sung-woo.kim>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Zhao Mengmeng <zhaomengmeng@kylinos.cn>
---
 net/bluetooth/hci_event.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 1b4abf8e90f6..9274d3255049 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -7200,6 +7200,8 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data, u16 handle = le16_to_cpu(ev->bis[i]);
bis = hci_conn_hash_lookup_handle(hdev, handle); + if (!bis) + continue;
set_bit(HCI_CONN_BIG_SYNC_FAILED, &bis->flags); hci_connect_cfm(bis, ev->status);
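Review bot: the added `if (!bis) continue;` after hci_conn_hash_lookup_handle() skips the handle silently, so a BIS handle read from ev->bis[i] that has no matching connection never reaches set_bit(HCI_CONN_BIG_SYNC_FAILED, &bis->flags) or hci_connect_cfm(bis, ev->status), and nothing records that it was dropped. A bt_dev_dbg() naming the handle before the `continue`, or at least a one-line comment saying why a lookup miss is expected here, would make these cases diagnosable. The commit message is also thin for a CVE fix: it names the function but not the condition under which the lookup returns NULL. Since the handle comes straight from the event payload via le16_to_cpu(ev->bis[i]), one sentence stating that would help backport reviewers judge whether the same unchecked lookup pattern exists elsewhere in the handler.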