android_kernel_zuk_msm8996.git

diff options

author	Pavel Skripkin <paskripkin@gmail.com>	2021-11-01 10:12:12 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-01-27 08:46:13 +0100
commit	048acfa4daf167b007b6bd8bef474e90c2282a5f (patch)
tree	e0752f95d70040a21637c47189aac8eea0e594d2 /include
parent	4af1490c4e45ca5457e6c98f8752957d7c6882f2 (diff)

Bluetooth: stop proccessing malicious adv data

[ Upstream commit 3a56ef719f0b9682afb8a86d64b2399e36faa4e6 ] Syzbot reported slab-out-of-bounds read in hci_le_adv_report_evt(). The problem was in missing validaion check. We should check if data is not malicious and we can read next data block. If we won't check ptr validness, code can read a way beyond skb->end and it can cause problems, of course. Fixes: e95beb414168 ("Bluetooth: hci_le_adv_report_evt code refactoring") Reported-and-tested-by: syzbot+e3fcb9c4f3c2a931dc40@syzkaller.appspotmail.com Signed-off-by: Pavel Skripkin <paskripkin@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'include')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: