[Linux-kernel-mentees] [PATCH v2] net/bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
gregkh at linuxfoundation.org
Fri Jul 10 10:43:06 UTC 2020
On Thu, Jul 09, 2020 at 09:02:24AM -0400, Peilin Ye wrote:
> Check upon `num_rsp` is insufficient. A malformed event packet with a
> large `num_rsp` number makes hci_extended_inquiry_result_evt() go out
> of bounds. Fix it.
> This patch fixes the following syzbot bug:
> Reported-by: syzbot+d8489a79b781849b9c46 at syzkaller.appspotmail.com
> Signed-off-by: Peilin Ye <yepeilin.cs at gmail.com>
Acked-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
Bluetooth maintainers, can you also add a cc: stable on this so it gets
picked up properly there?
More information about the Linux-kernel-mentees