On Wed, Feb 01, 2023 at 12:24:56PM +0200, Ovidiu Panait wrote:
From: Soenke Huster soenke.huster@eknoes.de
commit 3afee2118132e93e5f6fa636dfde86201a860ab3 upstream.
This event is just specified for SCO and eSCO link types. On the reception of a HCI_Synchronous_Connection_Complete for a BDADDR of an existing LE connection, LE link type and a status that triggers the second case of the packet processing, a NULL pointer dereference happens, as conn->link is NULL.
Signed-off-by: Soenke Huster soenke.huster@eknoes.de
Signed-off-by: Luiz Augusto von Dentz luiz.von.dentz@intel.com
Signed-off-by: Ovidiu Panait ovidiu.panait@eng.windriver.com
This fixes "BUG: KASAN: use-after-free in sco_chan_del()" issue detected while fuzzing with syzkaller.
Now queued up, thanks.
greg k-h
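
The failure mode in the commit message above, as an added example that is not part of the thread and is not the kernel's code: a simplified model of a Synchronous Connection Complete handler that rejects events whose link type is not SCO or eSCO before it touches conn->link. The struct and function names, the scenario driver and the MODEL_STATUS_RETRY value are assumptions made for illustration; only the link type constants are the HCI values.

```c
#include <stddef.h>
#include <stdint.h>

/* Link type values used by HCI for SCO, ACL, eSCO and LE connections. */
#define SCO_LINK  0x00
#define ACL_LINK  0x01
#define ESCO_LINK 0x02
#define LE_LINK   0x80

/* Hypothetical status standing in for "the second case" that retries setup. */
#define MODEL_STATUS_RETRY 0x1a

/* Simplified stand-ins for the connection and event structures. */
struct model_conn {
    uint8_t type;
    uint16_t handle;
    struct model_conn *link;    /* parent ACL link; NULL for an LE connection */
};
struct model_sync_evt { uint8_t status; uint8_t link_type; };

enum verdict { EVT_IGNORED, EVT_CONNECTED, EVT_RETRIED, EVT_FAILED };

enum verdict model_sync_conn_complete(struct model_conn *conn,
                                      const struct model_sync_evt *ev,
                                      uint16_t *retry_handle)
{
    /* The event is only specified for SCO and eSCO: drop anything else early. */
    if (ev->link_type != SCO_LINK && ev->link_type != ESCO_LINK)
        return EVT_IGNORED;
    if (conn == NULL)
        return EVT_IGNORED;
    if (ev->status == 0x00)
        return EVT_CONNECTED;
    if (ev->status == MODEL_STATUS_RETRY) {
        if (conn->link == NULL)     /* second guard: never follow a NULL link */
            return EVT_FAILED;
        *retry_handle = conn->link->handle;  /* the dereference that crashed */
        return EVT_RETRIED;
    }
    return EVT_FAILED;
}

/* Constructed scenario driver: builds one connection and feeds it one event. */
enum verdict model_run(uint8_t conn_type, int has_link,
                       uint8_t evt_link_type, uint8_t status)
{
    struct model_conn acl = { ACL_LINK, 0x0040, NULL };
    struct model_conn conn = { conn_type, 0x0041, has_link ? &acl : NULL };
    struct model_sync_evt ev = { status, evt_link_type };
    uint16_t handle = 0;
    return model_sync_conn_complete(&conn, &ev, &handle);
}
```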