Commit 18832090 authored by Dmitry Antipov's avatar Dmitry Antipov Committed by Wupeng Ma
Browse files

Bluetooth: Fix memory leak in hci_req_sync_complete() 

stable inclusion
from stable-v4.19.313
commit 89a32741f4217856066c198a4a7267bcdd1edd67
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9QRBX
CVE: CVE-2024-35978

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=89a32741f4217856066c198a4a7267bcdd1edd67



--------------------------------

commit 45d355a926ab40f3ae7bc0b0a00cb0e3e8a5a810 upstream.

In 'hci_req_sync_complete()', always free the previous sync
request state before assigning reference to a new one.

Reported-by: default avatar <syzbot+39ec16ff6cc18b1d066d@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=39ec16ff6cc18b1d066d


Cc: stable@vger.kernel.org
Fixes: f60cb305 ("Bluetooth: Convert hci_req_sync family of function to new request API")
Signed-off-by: default avatarDmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarMa Wupeng <mawupeng1@huawei.com>
parent 03933bd1
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment