mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-04 16:15:11 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Min Li 2112c4c47d Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp 
[ Upstream commit 25e97f7b18 ]

conn->chan_lock isn't acquired before l2cap_get_chan_by_scid,
if l2cap_get_chan_by_scid returns NULL, then 'bad unlock balance'
is triggered.

Reported-by: syzbot+9519d6b5b79cf7787cf3@syzkaller.appspotmail.com
Link: https://lore.kernel.org/all/000000000000894f5f05f95e9f4d@google.com/
Signed-off-by: Min Li <lm0963hack@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-05-30 12:44:03 +01:00
..
6lowpan 6lowpan: iphc: Fix an off-by-one check of array index 2021-09-15 09:47:31 +02:00
9p 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition 2023-04-20 12:07:36 +02:00
802 mrp: introduce active flags to prevent UAF when applicant uninit 2023-01-18 11:41:37 +01:00
8021q vlan: partially enable SIOCSHWTSTAMP in container 2023-05-17 11:35:41 +02:00
appletalk appletalk: Fix skb allocation size in loopback case 2021-04-07 14:47:41 +02:00
atm treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD() 2023-04-20 12:07:32 +02:00
ax25 ax25: Fix UAF bugs in ax25 timers 2022-04-20 09:19:40 +02:00
batman-adv batman-adv: Don't skb_split skbuffs with frag_list 2022-05-18 09:47:24 +02:00
bluetooth Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp 2023-05-30 12:44:03 +01:00
bpf bpf: Move skb->len == 0 checks into __bpf_redirect 2023-01-18 11:41:04 +01:00
bpfilter bpfilter: Specify the log level for the kmsg message 2021-07-14 16:53:33 +02:00
bridge net: add vlan_get_protocol_and_depth() helper 2023-05-30 12:44:01 +01:00
caif net: caif: Fix use-after-free in cfusbl_device_notify() 2023-03-17 08:32:51 +01:00
can can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access 2023-04-20 12:07:34 +02:00
ceph
core net: Catch invalid index in XPS mapping 2023-05-30 12:44:03 +01:00
dcb net: dcb: disable softirqs in dcbnl_flush_dev() 2022-03-08 19:07:51 +01:00
dccp dccp: Call inet6_destroy_sock() via sk->sk_destruct(). 2023-04-26 11:24:05 +02:00
decnet net: decnet: Fix sleeping inside in af_decnet 2021-07-28 13:30:56 +02:00
dns_resolver
dsa net: dsa: ksz: Check return value 2022-12-14 11:30:45 +01:00
ethernet
hsr hsr: Avoid double remove of a node. 2023-01-18 11:41:09 +01:00
ieee802154 net: ieee802154: fix error return code in dgram_bind() 2022-11-03 23:56:54 +09:00
ife
ipv4 ipv4: Fix potential uninit variable access bug in __ip_make_skb() 2023-05-17 11:35:45 +02:00
ipv6 sit: update dev->needed_headroom in ipip6_tunnel_bind_dev() 2023-05-17 11:35:58 +02:00
iucv treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD() 2023-04-20 12:07:32 +02:00
kcm kcm: close race conditions on sk_receive_queue 2022-11-25 17:42:21 +01:00
key af_key: Fix send_acquire race with pfkey_register 2022-12-08 11:22:57 +01:00
l2tp inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy(). 2023-04-26 11:24:05 +02:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-27 13:50:47 +02:00
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:25:28 +01:00
llc llc: only change llc->dev when bind() succeeds 2022-03-28 08:46:48 +02:00
mac80211 wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta 2023-04-20 12:07:33 +02:00
mac802154 mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() 2022-12-14 11:30:45 +01:00
mpls net: mpls: fix stale pointer if allocation fails during device rename 2023-02-22 12:50:41 +01:00
ncsi net/ncsi: clear Tx enable mode when handling a Config required AEN 2023-05-17 11:35:58 +02:00
netfilter netfilter: conntrack: fix possible bug_on with enable_hooks=1 2023-05-30 12:44:01 +01:00
netlabel netlabel: fix out-of-bounds memory accesses 2022-04-15 14:18:35 +02:00
netlink netlink: annotate accesses to nlk->cb_running 2023-05-30 12:44:01 +01:00
netrom netrom: Fix use-after-free caused by accept on already connected socket 2023-02-22 12:50:24 +01:00
nfc nfc: change order inside nfc_se_io error path 2023-03-17 08:32:48 +01:00
nsh
openvswitch net: openvswitch: fix flow memory leak in ovs_flow_cmd_new 2023-02-22 12:50:25 +01:00
packet net: add vlan_get_protocol_and_depth() helper 2023-05-30 12:44:01 +01:00
phonet phonet: refcount leak in pep_sock_accep 2022-01-11 15:23:33 +01:00
psample
qrtr net: qrtr: fix another OOB Read in qrtr_endpoint_post 2021-09-03 10:08:12 +02:00
rds rds: rds_rm_zerocopy_callback() correct order for list_add_tail() 2023-03-11 16:43:41 +01:00
rfkill
rose net/rose: Fix to not accept on connected socket 2023-02-22 12:50:34 +01:00
rxrpc rxrpc: Fix hard call timeout units 2023-05-17 11:35:59 +02:00
sched net/sched: act_mirred: Add carrier check 2023-05-17 11:35:59 +02:00
sctp sctp: Call inet6_destroy_sock() via sk->sk_destruct(). 2023-04-26 11:24:05 +02:00
smc net/smc: fix fallback failed while sendmsg with fastopen 2023-03-17 08:32:51 +01:00
strparser bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding 2021-11-17 09:48:48 +01:00
sunrpc SUNRPC: remove the maximum number of retries in call_bind_status 2023-05-17 11:35:52 +02:00
switchdev net: switchdev: do not propagate bridge updates across bridges 2021-10-27 09:54:24 +02:00
tipc tipc: call tipc_lxc_xmit without holding node_read_lock 2023-01-18 11:42:06 +01:00
tls net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() 2023-04-05 11:16:36 +02:00
unix af_unix: Fix data races around sk->sk_shutdown. 2023-05-30 12:44:02 +01:00
vmw_vsock net: vmw_vsock: vmci: Check memcpy_from_msg() 2023-01-18 11:41:13 +01:00
wimax
wireless wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext" 2023-03-13 10:18:25 +01:00
x25 net/x25: Fix to not accept on connected socket 2023-02-22 12:50:26 +01:00
xdp Revert "xsk: Do not sleep in poll() when need_wakeup set" 2021-12-22 09:29:40 +01:00
xfrm xfrm: Allow transport-mode states with AF_UNSPEC selector 2023-03-22 13:28:03 +01:00
compat.c net: Return the correct errno code 2021-06-18 09:59:00 +02:00
Kconfig
Makefile
socket.c net: annotate sk->sk_err write from do_recvmmsg() 2023-05-30 12:44:01 +01:00
sysctl_net.c