linux/include
Pauli Virtanen e8785404de Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete
There is a BUG: KASAN: stack-out-of-bounds in set_mesh_sync due to
memcpy from badly declared on-stack flexible array.

Another crash is in set_mesh_complete() due to double list_del via
mgmt_pending_valid + mgmt_pending_remove.

Use DEFINE_FLEX to declare the flexible array right, and don't memcpy
outside bounds.

As mgmt_pending_valid removes the cmd from list, use mgmt_pending_free,
and also report status on error.

Fixes: 302a1f674c ("Bluetooth: MGMT: Fix possible UAFs")
Signed-off-by: Pauli Virtanen <pav@iki.fi>
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2025-10-24 10:21:37 -04:00
acpi More power management updates for 6.18-rc1 2025-10-07 09:39:51 -07:00
asm-generic hyperv-next for v6.18 2025-10-07 08:40:15 -07:00
clocksource clocksource/drivers/arm_arch_timer_mmio: Switch over to standalone driver 2025-09-23 12:31:50 +02:00
crypto This update includes the following changes: 2025-10-04 14:59:29 -07:00
cxl
drm drm/gpuvm: Fix kernel-doc warning for drm_gpuvm_map_req.map 2025-10-15 18:37:05 +02:00
dt-bindings There's a bunch of patches here across drivers/clk/ to migrate drivers to use 2025-10-07 09:28:37 -07:00
hyperv hyperv: Remove the spurious null directive line 2025-10-02 21:21:24 +00:00
keys KEYS: trusted_tpm1: Move private functionality out of public header 2025-09-27 21:05:06 +03:00
kunit linux_kselftest-kunit-6.18-rc1 2025-10-01 19:15:11 -07:00
kvm KVM: arm64: Kill leftovers of ad-hoc timer userspace access 2025-10-13 14:42:41 +01:00
linux Including fixes from can. Slim pickings, I'm guessing people haven't 2025-10-23 07:03:18 -10:00
math-emu
media
memory
misc
net Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete 2025-10-24 10:21:37 -04:00
pcmcia
ras
rdma
rv kernel-6.18-rc1.clone3 2025-09-29 10:36:50 -07:00
scsi SCSI misc on 20251002 2025-10-03 19:17:48 -07:00
soc There's a bunch of patches here across drivers/clk/ to migrate drivers to use 2025-10-07 09:28:37 -07:00
sound ASoC: tas2781: Support more newly-released amplifiers tas58xx in the driver 2025-10-13 11:08:09 +01:00
target
trace dma-mapping fixes for Linux 6.18: 2025-10-07 12:48:06 -07:00
uapi ARM: 2025-10-18 07:07:14 -10:00
ufs scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS 2025-09-30 16:10:29 -04:00
vdso Updates for the VDSO subsystem: 2025-09-30 16:58:21 -07:00
video
xen
Kbuild