projects / platform / kernel / linux-rpi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d2e4f1b) | patch
Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
authorLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
Thu, 6 Apr 2023 16:33:09 +0000 (09:33 -0700)
committerLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
Mon, 10 Apr 2023 17:24:32 +0000 (10:24 -0700)
commita2a9339e1c9deb7e1e079e12e27a0265aea8421a
treee150b8893796fc828dbbfccced609ab5655d8d31tree | snapshot
parentd2e4f1b1cba8742db66aaf77374cab7c0c7c8656commit | diff
Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}

Similar to commit d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-free
caused by l2cap_chan_put"), just use l2cap_chan_hold_unless_zero to
prevent referencing a channel that is about to be destroyed.

Cc: stable@kernel.org
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Min Li <lm0963hack@gmail.com>
net/bluetooth/l2cap_core.c diff | blob | history
Domain: System / Kernel;