mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/drivers/bluetooth
History
Zheng Wang 1e9ac114c4 Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work 
In btsdio_probe, &data->work was bound with btsdio_work.In
btsdio_send_frame, it was started by schedule_work.

If we call btsdio_remove with an unfinished job, there may
be a race condition and cause UAF bug on hdev.

Fixes: ddbaf13e36 ("[Bluetooth] Add generic driver for Bluetooth SDIO devices")
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
 		2023-03-23 13:09:38 -07:00
..
Kconfig Bluetooth: hci_bcm4377: Add new driver for BCM4377 PCIe boards 2022-12-12 14:19:24 -08:00
Makefile Bluetooth: hci_bcm4377: Add new driver for BCM4377 PCIe boards 2022-12-12 14:19:24 -08:00
ath3k.c Bluetooth: ath3k: remove superfluous header files 2022-03-18 17:12:09 +01:00
bcm203x.c Bluetooth: bcm203x: remove superfluous header files 2022-03-18 17:12:09 +01:00
bfusb.c Bluetooth: bfusb: fix division by zero in send path 2021-10-25 15:04:46 +02:00
bluecard_cs.c Bluetooth: Use fallthrough pseudo-keyword 2020-07-10 19:09:42 +02:00
bpa10x.c Bluetooth: bpa10x: change return value 2019-09-04 16:11:46 +02:00
bt3c_cs.c Bluetooth: bt3c_cs: Fix obsolete function 2018-09-27 12:57:39 +02:00
btbcm.c Bluetooth: hci_bcm: Add BCM4349B1 variant 2022-07-21 17:06:36 -07:00
btbcm.h Bluetooth: hci_bcm: Add support for FW loading in autobaud mode 2022-07-21 17:04:38 -07:00
btintel.c Bluetooth: btinel: Check ACPI handle for NULL before accessing 2023-03-23 13:09:26 -07:00
btintel.h Bluetooth: btintel: Iterate only bluetooth device ACPI entries 2023-03-22 16:05:55 -07:00
btmrvl_debugfs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmrvl_drv.h treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmrvl_main.c treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmrvl_sdio.c treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmrvl_sdio.h treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_390.RULE 2022-06-10 14:51:36 +02:00
btmtk.c Bluetooth: btmtkuart: rely on BT_MTK module 2022-03-18 17:12:07 +01:00
btmtk.h Bluetooth: btmtkuart: rely on BT_MTK module 2022-03-18 17:12:07 +01:00
btmtksdio.c Bluetooth: btmtksdio: Add in-band wakeup support 2022-07-21 17:08:03 -07:00
btmtkuart.c Bluetooth: btmtkuart: fix error handling in mtk_hci_wmt_sync() 2022-03-18 17:12:08 +01:00
btqca.c Bluetooth: btqca: sequential validation 2022-01-07 08:32:55 +01:00
btqca.h Bluetooth: btqca: sequential validation 2022-01-07 08:32:55 +01:00
btqcomsmd.c Bluetooth: btqcomsmd: Fix command timeout after setting BD address 2023-03-23 13:09:38 -07:00
btrsi.c Bluetooth: btrsi: remove superfluous header files from btrsi.c 2021-09-29 00:13:48 +02:00
btrtl.c Bluetooth: btusb: Ignore zero length of USB packets on ALT 6 for specific chip 2022-12-12 14:19:23 -08:00
btrtl.h Bluetooth: btrtl: Add btrealtek data struct 2022-12-12 14:19:23 -08:00
btsdio.c Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work 2023-03-23 13:09:38 -07:00
btusb.c Bluetooth: btusb: Remove detection of ISO packets over bulk 2023-03-22 16:05:55 -07:00
dtl1_cs.c
h4_recv.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
hci_ag6xx.c Bluetooth: hci_uart: Remove redundant assignment to fw_ptr 2021-06-26 07:52:41 +02:00
hci_ath.c Bluetooth: hci_uart: check for missing tty operations 2019-07-31 13:17:33 -07:00
hci_bcm.c Bluetooth: hci_bcm: Add CYW4373A0 support 2022-12-12 14:19:24 -08:00
hci_bcm4377.c Bluetooth: hci_bcm4377: Fix missing pci_disable_device() on error in bcm4377_probe() 2022-12-12 14:19:25 -08:00
hci_bcsp.c treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
hci_h4.c Bluetooth: hci_h4: Fix padding calculation error within h4_recv_buf() 2021-11-16 13:57:25 +01:00
hci_h5.c Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave() 2022-12-12 14:19:25 -08:00
hci_intel.c Bluetooth: hci_intel: Add check for platform_driver_register 2022-07-21 17:05:10 -07:00
hci_ldisc.c Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure 2022-09-19 10:33:39 -07:00
hci_ll.c Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave() 2022-12-12 14:19:25 -08:00
hci_mrvl.c Bluetooth: hci_uart: check for missing tty operations 2019-07-31 13:17:33 -07:00
hci_nokia.c Bluetooth: hci_nokia: Save a few cycles in 'nokia_enqueue()' 2019-10-16 19:26:40 +02:00
hci_qca.c Bluetooth: hci_qca: get wakeup status from serdev device handle 2023-02-09 14:19:08 -08:00
hci_serdev.c Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure 2022-09-19 10:33:39 -07:00
hci_uart.h Bluetooth: hci_h5: Disable the hci_suspend_notifier for btrtl devices 2021-07-22 16:06:09 +02:00
hci_vhci.c Bluetooth: vhci: Set HCI_QUIRK_VALID_LE_STATES 2021-12-22 23:01:35 +01:00
virtio_bt.c virtio_bt: Fix alignment in configuration struct 2022-12-12 14:19:23 -08:00