linux/include/net/bluetooth
Luiz Augusto von Dentz 51eda36d33 Bluetooth: SCO: Fix not validating setsockopt user input
syzbot reported sco_sock_setsockopt() is copying data without
checking user input length.

BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset
include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr
include/linux/sockptr.h:55 [inline]
BUG: KASAN: slab-out-of-bounds in sco_sock_setsockopt+0xc0b/0xf90
net/bluetooth/sco.c:893
Read of size 4 at addr ffff88805f7b15a3 by task syz-executor.5/12578

Fixes: ad10b1a487 ("Bluetooth: Add Bluetooth socket voice option")
Fixes: b96e9c671b ("Bluetooth: Add BT_DEFER_SETUP option to sco socket")
Fixes: 00398e1d51 ("Bluetooth: Add support for BT_PKT_STATUS CMSG data for SCO connections")
Fixes: f6873401a6 ("Bluetooth: Allow setting of codec for HFP offload use case")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2024-04-10 15:03:46 -04:00
bluetooth.h Bluetooth: SCO: Fix not validating setsockopt user input 2024-04-10 15:03:46 -04:00
coredump.h Bluetooth: Add support for hci devcoredump 2023-04-23 21:57:59 -07:00
hci.h Bluetooth: add quirk for broken address properties 2024-03-29 09:48:37 -04:00
hci_core.h Bluetooth: hci_sync: Fix overwriting request callback 2024-03-06 17:26:20 -05:00
hci_mon.h Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name 2023-10-13 20:06:33 -07:00
hci_sock.h Bluetooth: Fix HCIGETDEVINFO regression 2022-09-08 14:33:53 -07:00
hci_sync.h Bluetooth: hci_sync: Attempt to dequeue connection attempt 2024-03-06 17:24:06 -05:00
iso.h Bluetooth: ISO: Add broadcast support 2022-07-22 17:14:13 -07:00
l2cap.h Bluetooth: hci_conn: Always use sk_timeo as conn_timeout 2024-03-06 17:22:41 -05:00
mgmt.h Bluetooth: Check for ISO support in controller 2023-08-11 11:31:23 -07:00
rfcomm.h Bluetooth: Replace zero-length array with flexible-array member 2020-02-28 08:30:02 +01:00
sco.h Bluetooth: af_bluetooth: Make BT_PKT_STATUS generic 2023-08-11 11:49:16 -07:00