In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers
Commit 302a1f674c00 ("Bluetooth: MGMT: Fix possible UAFs
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix possible UAFs
This attemps to fix possible UAFs caused by struct mgmt_pending being
freed while still being p
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete
This fixes the condition checking so mgmt_pending_
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix memory leak in set_ssp_complete
Fix memory leak in set_ssp_complete() where mgmt_pending_cmd structures
are n
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
This reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add t
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete
There is a BUG: KASAN: stack-out-of-bounds in set_mesh_sync due
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix possible crash on mgmt_index_removed
If mgmt_index_removed is called while there are commands queued on
cmd_s
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Protect mgmt_pending list with its own lock
This uses a mutex to protect from concurrent access of mgmt_pending
l
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix possible deadlocks
This fixes possible deadlocks like the following caused by
hci_cmd_sync_dequeue causing th
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
Add check for the return value of mgmt_alloc_skb() in
mgmt_remote_
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()
Add check for the return value of mgmt_alloc_skb() in
mgmt_de
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev()
syzbot is again reporting attempt to cancel uninitialized work
at
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync
This fixes the following crash:
===================
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: HIDP: Fix possible UAF
This fixes the following trace caused by not dropping l2cap_conn
reference when user->remove cal
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
This fixes the following UFA in hci_acl_create_conn_sync where a
connect
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Add error handling to pair_device()
hci_conn_params_add() never checks for a NULL value and could lead to a NULL
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
This fixes the following crash:
===============================
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync
Use-after-free can occur in hci_disconnect_all_sync if a connection is
del
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands
In 'mgmt_hci_cmd_sync()', check whether the size of parameters passed
in '
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix a buffer overflow in mgmt_mesh_add()
Smatch Warning:
net/bluetooth/mgmt_util.c:375 mgmt_mesh_add() error: __memcpy(
Page 1+ Next →