mirror of
https://github.com/torvalds/linux
synced 2024-07-22 11:10:46 +00:00
![]() syzbot reported sco_sock_setsockopt() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in sco_sock_setsockopt+0xc0b/0xf90 net/bluetooth/sco.c:893 Read of size 4 at addr ffff88805f7b15a3 by task syz-executor.5/12578 Fixes: |
||
---|---|---|
.. | ||
bluetooth.h | ||
coredump.h | ||
hci.h | ||
hci_core.h | ||
hci_mon.h | ||
hci_sock.h | ||
hci_sync.h | ||
iso.h | ||
l2cap.h | ||
mgmt.h | ||
rfcomm.h | ||
sco.h |