linux-stable/net
Luiz Augusto von Dentz 0d87bb6070 Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
commit 711f8c3fb3 upstream.

The Bluetooth spec states that the valid range for SPSM is from
0x0001-0x00ff so it is invalid to accept values outside of this range:

  BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 3, Part A
  page 1059:
  Table 4.15: L2CAP_LE_CREDIT_BASED_CONNECTION_REQ SPSM ranges

CVE: CVE-2022-42896
CC: stable@vger.kernel.org
Reported-by: Tamás Koczka <poprdi@google.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Reviewed-by: Tedd Ho-Jeong An <tedd.an@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-12-08 11:23:05 +01:00
6lowpan 6lowpan: iphc: Fix an off-by-one check of array index 2021-09-15 09:47:31 +02:00
9p net/9p: Fix a potential socket leak in p9_socket_open 2022-12-08 11:23:03 +01:00
802 net/802/garp: fix memleak in garp_request_join() 2021-07-31 08:19:38 +02:00
8021q net: vlan: fix underflow for the real_dev refcnt 2021-12-01 09:23:34 +01:00
appletalk appletalk: Fix skb allocation size in loopback case 2021-04-07 14:47:41 +02:00
atm net/atm: fix proc_mpc_write incorrect return value 2022-10-29 10:20:35 +02:00
ax25 ax25: Fix UAF bugs in ax25 timers 2022-04-20 09:19:40 +02:00
batman-adv batman-adv: Don't skb_split skbuffs with frag_list 2022-05-18 09:47:24 +02:00
bluetooth Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM 2022-12-08 11:23:05 +01:00
bpf bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() 2022-11-25 17:42:21 +01:00
bpfilter bpfilter: Specify the log level for the kmsg message 2021-07-14 16:53:33 +02:00
bridge netfilter: ebtables: fix memory leak when blob is malformed 2022-09-28 11:04:07 +02:00
caif net: caif: fix double disconnect client in chnl_net_open() 2022-11-25 17:42:15 +01:00
can can: j1939: j1939_send_one(): fix missing CAN header initialization 2022-11-25 17:42:10 +01:00
ceph
core net: gso: fix panic on frag_list with mixed head alloc types 2022-11-25 17:42:04 +01:00
dcb net: dcb: disable softirqs in dcbnl_flush_dev() 2022-03-08 19:07:51 +01:00
dccp dccp/tcp: Reset saddr on failure after inet6?_hash_connect(). 2022-12-08 11:22:59 +01:00
decnet net: decnet: Fix sleeping inside in af_decnet 2021-07-28 13:30:56 +02:00
dns_resolver
dsa net: dsa: Add missing of_node_put() in dsa_port_parse_of 2022-03-23 09:12:07 +01:00
ethernet
hsr net: hsr: Fix potential use-after-free 2022-12-08 11:23:03 +01:00
ieee802154 net: ieee802154: fix error return code in dgram_bind() 2022-11-03 23:56:54 +09:00
ife
ipv4 ipv4: Fix route deletion when nexthop info is not specified 2022-12-08 11:23:05 +01:00
ipv6 dccp/tcp: Reset saddr on failure after inet6?_hash_connect(). 2022-12-08 11:22:59 +01:00
iucv net/af_iucv: remove WARN_ONCE on malformed RX packets 2021-03-07 12:20:42 +01:00
kcm kcm: close race conditions on sk_receive_queue 2022-11-25 17:42:21 +01:00
key af_key: Fix send_acquire race with pfkey_register 2022-12-08 11:22:57 +01:00
l2tp ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg 2022-06-22 14:11:21 +02:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-27 13:50:47 +02:00
lapb
llc llc: only change llc->dev when bind() succeeds 2022-03-28 08:46:48 +02:00
mac80211 wifi: mac80211: Fix ack frame idr leak when mesh has no route 2022-12-08 11:22:57 +01:00
mac802154 mac802154: Fix LQI recording 2022-11-03 23:56:53 +09:00
mpls net: mpls: Fix notifications when deleting a device 2021-12-08 09:01:12 +01:00
ncsi net/ncsi: check for error return from call to nla_put_u32 2022-01-05 12:37:45 +01:00
netfilter ipvs: fix WARNING in ip_vs_app_net_cleanup() 2022-11-10 17:57:51 +01:00
netlabel netlabel: fix out-of-bounds memory accesses 2022-04-15 14:18:35 +02:00
netlink netlink: do not reset transport header in netlink_recvmsg() 2022-05-18 09:47:25 +02:00
netrom netrom: Decrease sock refcount when sock timers expire 2021-07-28 13:30:56 +02:00
nfc NFC: nci: fix memory leak in nci_rx_data_packet() 2022-12-08 11:22:59 +01:00
nsh
openvswitch openvswitch: switch from WARN to pr_warn 2022-11-03 23:56:56 +09:00
packet packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE 2022-12-08 11:23:03 +01:00
phonet phonet: refcount leak in pep_sock_accep 2022-01-11 15:23:33 +01:00
psample
qrtr net: qrtr: fix another OOB Read in qrtr_endpoint_post 2021-09-03 10:08:12 +02:00
rds net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() 2022-10-26 13:22:26 +02:00
rfkill
rose rose: Fix NULL pointer dereference in rose_send_frame() 2022-11-10 17:57:51 +01:00
rxrpc rxrpc: Fix calc of resend age 2022-09-28 11:03:58 +02:00
sched net: sched: Fix use after free in red_enqueue() 2022-11-10 17:57:50 +01:00
sctp sctp: fix memory leak in sctp_stream_outq_migrate() 2022-12-08 11:23:03 +01:00
smc net/smc: Remove redundant refcount increase 2022-09-15 12:04:50 +02:00
strparser bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding 2021-11-17 09:48:48 +01:00
sunrpc SUNRPC: RPC level errors should set task->tk_rpc_status 2022-09-05 10:27:40 +02:00
switchdev net: switchdev: do not propagate bridge updates across bridges 2021-10-27 09:54:24 +02:00
tipc tipc: check skb_linearize() return value in tipc_disc_rcv() 2022-12-08 11:22:58 +01:00
tls net/tls: Fix race in TLS device down flow 2022-07-29 17:14:12 +02:00
unix io_uring/af_unix: defer registered files gc to io_uring release 2022-10-26 13:22:59 +02:00
vmw_vsock vhost/vsock: Use kvmalloc/kvfree for larger packets. 2022-10-26 13:22:25 +02:00
wimax
wireless wifi: cfg80211: fix buffer overflow in elem comparison 2022-12-08 11:23:03 +01:00
x25 net/x25: Fix skb leak in x25_lapb_receive_frame() 2022-11-25 17:42:16 +01:00
xdp Revert "xsk: Do not sleep in poll() when need_wakeup set" 2021-12-22 09:29:40 +01:00
xfrm xfrm: Update ipcomp_scratches with NULL when freed 2022-10-26 13:22:49 +02:00
compat.c net: Return the correct errno code 2021-06-18 09:59:00 +02:00
Kconfig
Makefile
socket.c net: Fix a data-race around sysctl_somaxconn. 2022-09-05 10:27:42 +02:00
sysctl_net.c