linux-stable/drivers/bluetooth
Zheng Wang da3d3fdfb4 Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
[ Upstream commit 1e9ac114c4 ]

In btsdio_probe, &data->work was bound with btsdio_work. In
btsdio_send_frame, it was started by schedule_work.

If we call btsdio_remove with an unfinished job, there may
be a race condition and cause UAF bug on hdev.

Fixes: ddbaf13e36 ("[Bluetooth] Add generic driver for Bluetooth SDIO devices")
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-04-05 11:23:36 +02:00
..
ath3k.c Bluetooth: ath3k: use usb_control_msg_send() and usb_control_msg_recv() 2020-09-25 16:33:59 +02:00
bcm203x.c Bluetooth: Use fallthrough pseudo-keyword 2020-07-10 19:09:42 +02:00
bfusb.c Bluetooth: bfusb: fix division by zero in send path 2022-01-16 09:14:22 +01:00
bluecard_cs.c Bluetooth: Use fallthrough pseudo-keyword 2020-07-10 19:09:42 +02:00
bpa10x.c
bt3c_cs.c
btbcm.c Bluetooth: hci_bcm: Add BCM4349B1 variant 2022-08-11 13:06:45 +02:00
btbcm.h Bluetooth: btbcm: Make btbcm_setup_patchram use btbcm_finalize 2020-04-22 19:43:58 +02:00
btintel.c Bluetooth: btintel: Functions to send firmware header / payload 2020-09-14 20:30:36 +02:00
btintel.h Bluetooth: btintel: Replace zero-length array with flexible-array member 2020-10-30 16:57:41 -05:00
btmrvl_debugfs.c
btmrvl_drv.h
btmrvl_main.c Bluetooth: btmrvl_sdio: Implement prevent_wake 2020-06-12 08:38:52 +02:00
btmrvl_sdio.c Bluetooth: btmrvl: eliminate duplicates introducing btmrvl_reg_89xx 2020-08-02 19:59:43 +02:00
btmrvl_sdio.h
btmtksdio.c Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt 2022-04-08 14:40:22 +02:00
btmtkuart.c Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync 2021-11-18 14:04:03 +01:00
btqca.c Bluetooth: btqca: Don't modify firmware contents in-place 2021-07-14 16:55:34 +02:00
btqca.h Bluetooth: hci_qca: Disable SoC debug logging for WCN3991 2020-06-12 15:17:47 +02:00
btqcomsmd.c Bluetooth: btqcomsmd: Fix command timeout after setting BD address 2023-04-05 11:23:36 +02:00
btrsi.c
btrtl.c
btrtl.h
btsdio.c Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work 2023-04-05 11:23:36 +02:00
btusb.c Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE 2023-03-11 16:39:51 +01:00
dtl1_cs.c
h4_recv.h
hci_ag6xx.c
hci_ath.c
hci_bcm.c Bluetooth: hci_bcm: Add DT compatible for CYW55572 2022-08-11 13:06:46 +02:00
hci_bcsp.c Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave() 2023-01-14 10:15:45 +01:00
hci_h4.c
hci_h5.c Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave() 2023-01-14 10:15:45 +01:00
hci_intel.c Bluetooth: hci_intel: Add check for platform_driver_register 2022-08-21 15:15:49 +02:00
hci_ldisc.c Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure 2022-10-26 13:25:21 +02:00
hci_ll.c Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave() 2023-01-14 10:15:45 +01:00
hci_mrvl.c
hci_nokia.c
hci_qca.c Bluetooth: hci_qca: Fixed issue during suspend 2023-01-24 07:20:01 +01:00
hci_serdev.c Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure 2022-10-26 13:25:21 +02:00
hci_uart.h
hci_vhci.c Bluetooth: vhci: Set HCI_QUIRK_VALID_LE_STATES 2022-01-27 10:54:18 +01:00
Kconfig
Makefile