Commit 559b1c7a authored Oct 08, 2024 by Luiz Augusto von Dentz Committed by Greg Kroah-Hartman Dec 14, 2024

Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet



[ Upstream commit 3fe288a8 ]

This fixes not checking if skb really contains an ACL header otherwise
the code may attempt to access some uninitilized/invalid memory past the
valid skb->data.

Reported-by:  <syzbot+6ea290ba76d8c1eb1ac2@syzkaller.appspotmail.com>
Tested-by:  <syzbot+6ea290ba76d8c1eb1ac2@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=6ea290ba76d8c1eb1ac2


Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent f2c3deaf

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 2f2e115e
· Nov 05, 2025

mentioned in commit 2f2e115e

mentioned in commit 2f2e115eecbda0de5d89f4303e8ae41018a36991

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 2f2e115e
· Nov 05, 2025

mentioned in commit 2f2e115e

mentioned in commit 2f2e115eecbda0de5d89f4303e8ae41018a36991

Toggle commit list

Please to comment