Bluetooth: HCI: Fix potential null-ptr-deref
Sungwoo Kim (1): Bluetooth: HCI: Fix potential null-ptr-deref
net/bluetooth/hci_event.c | 2 ++ 1 file changed, 2 insertions(+)
From: Sungwoo Kim iam@sung-woo.kim
stable inclusion from stable-v6.6.31 commit 1f7ebb69c1d65732bcac2fda9d15421f76f01e81 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I9MPZ8 CVE: CVE-2024-36011
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
[ Upstream commit d2706004a1b8b526592e823d7e52551b518a7941 ]
Fix potential null-ptr-deref in hci_le_big_sync_established_evt().
Fixes: f777d8827817 (Bluetooth: ISO: Notify user space about failed bis connections) Signed-off-by: Sungwoo Kim iam@sung-woo.kim Signed-off-by: Luiz Augusto von Dentz luiz.von.dentz@intel.com Signed-off-by: Sasha Levin sashal@kernel.org Signed-off-by: Liao Chen liaochen4@huawei.com --- net/bluetooth/hci_event.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 1b4abf8e90f6..9274d3255049 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -7200,6 +7200,8 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data, u16 handle = le16_to_cpu(ev->bis[i]);
bis = hci_conn_hash_lookup_handle(hdev, handle); + if (!bis) + continue;
set_bit(HCI_CONN_BIG_SYNC_FAILED, &bis->flags); hci_connect_cfm(bis, ev->status);
反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://gitee.com/openeuler/kernel/pulls/9042 邮件列表地址:https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/W...
FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/9042 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/W...