Commit 901f2191 authored by Lin Ma's avatar Lin Ma Committed by Yang Yingliang
Browse files

Bluetooth: use correct lock to prevent UAF of hdev object 



stable inclusion
from linux-4.19.194
commit 2b9e9c2ed0f1910b5201c5d37b355b60201df415
CVE: CVE-2021-3573

--------------------------------

commit e305509e upstream.

The hci_sock_dev_event() function will cleanup the hdev object for
sockets even if this object may still be in used within the
hci_sock_bound_ioctl() function, result in UAF vulnerability.

This patch replace the BH context lock to serialize these affairs
and prevent the race condition.

Signed-off-by: default avatarLin Ma <linma@zju.edu.cn>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
Reviewed-by: default avatarXiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parent 01d38e25
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment