* Re: [PATCH] Bluetooth: prefetch channel before killing sock
       [not found] <20200205023159.8764-1-hdanton@sina.com>
@ 2020-02-05  8:06 ` Marcel Holtmann
  0 siblings, 0 replies; only message in thread
From: Marcel Holtmann @ 2020-02-05  8:06 UTC
  To: Hillf Danton
  Cc: Bluez mailing list, David S. Miller, Johan Hedberg, kuba,
	linux-kernel, netdev, syzkaller-bugs,
	syzbot+c3c5bdea7863886115dc, Manish Mandlik

Hi Hillf,

> Prefetch channel before killing sock in order to fix UAF like
> 
> BUG: KASAN: use-after-free in l2cap_sock_release+0x24c/0x290 net/bluetooth/l2cap_sock.c:1212
> Read of size 8 at addr ffff8880944904a0 by task syz-fuzzer/9751
> 
> Reported-by: syzbot+c3c5bdea7863886115dc@syzkaller.appspotmail.com
> Fixes: 6c08fc896b60 ("Bluetooth: Fix refcount use-after-free issue")
> Cc: Manish Mandlik <mmandlik@google.com>
> Signed-off-by: Hillf Danton <hdanton@sina.com>
> ---

patch has been applied to bluetooth-next tree.

Regards

Marcel

