Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/include
History
Luiz Augusto von Dentz ed3ce62784 Bluetooth: SCO: Fix not validating setsockopt user input 
[ Upstream commit 51eda36d33e43201e7a4fd35232e069b2c850b01 ]

syzbot reported sco_sock_setsockopt() is copying data without
checking user input length.

BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset
include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr
include/linux/sockptr.h:55 [inline]
BUG: KASAN: slab-out-of-bounds in sco_sock_setsockopt+0xc0b/0xf90
net/bluetooth/sco.c:893
Read of size 4 at addr ffff88805f7b15a3 by task syz-executor.5/12578

Fixes: ad10b1a48754 ("Bluetooth: Add Bluetooth socket voice option")
Fixes: b96e9c671b05 ("Bluetooth: Add BT_DEFER_SETUP option to sco socket")
Fixes: 00398e1d5183 ("Bluetooth: Add support for BT_PKT_STATUS CMSG data for SCO connections")
Fixes: f6873401a608 ("Bluetooth: Allow setting of codec for HFP offload use case")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-19 11:32:19 +01:00
..
acpi
asm-generic asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation 2024-11-18 12:11:56 +01:00
clocksource
crypto crypto: af_alg - Disallow multiple in-flight AIO requests 2024-11-18 12:12:26 +01:00
drm drm: Don't treat 0 as -1 in drm_fixp2int_ceil 2024-11-19 08:44:51 +01:00
dt-bindings dt-bindings: clock: Update the videocc resets for sm8150 2024-11-18 12:12:41 +01:00
keys
kunit
kvm
linux u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file 2024-11-19 11:32:19 +01:00
math-emu
media
memory
misc
net Bluetooth: SCO: Fix not validating setsockopt user input 2024-11-19 11:32:19 +01:00
pcmcia
ras
rdma
scsc
scsi scsi: core: Introduce enum scsi_disposition 2024-11-18 12:13:21 +01:00
sdp
soc soc: fsl: qbman: Add CGR update function 2024-11-19 09:22:35 +01:00
sound ASoC: soc-card: Add storage for PCI SSID 2024-11-18 11:43:13 +01:00
target
test
trace tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string 2024-11-18 23:19:34 +01:00
uapi Input: allocate keycode for Display refresh rate toggle 2024-11-19 09:23:14 +01:00
variant1/linux
vdso
video
xen