Hello:
This series was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>:
On Fri, 5 Apr 2024 16:48:23 -0400 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
>
> syzbot reported sco_sock_setsockopt() is copying data without
> checking user input length.
>
> BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset
> include/linux/sockptr.h:49 [inline]
> BUG: KASAN: slab-out-of-bounds in copy_from_sockptr
> include/linux/sockptr.h:55 [inline]
> BUG: KASAN: slab-out-of-bounds in sco_sock_setsockopt+0xc0b/0xf90
> net/bluetooth/sco.c:893
> Read of size 4 at addr ffff88805f7b15a3 by task syz-executor.5/12578
>
> [...]
Here is the summary with links:
- [v2,1/5] Bluetooth: SCO: Fix not validating setsockopt user input
https://git.kernel.org/bluetooth/bluetooth-next/c/82f018d9ae0e
- [v2,2/5] Bluetooth: RFCOMM: Fix not validating setsockopt user input
https://git.kernel.org/bluetooth/bluetooth-next/c/05dcb647b289
- [v2,3/5] Bluetooth: L2CAP: Fix not validating setsockopt user input
https://git.kernel.org/bluetooth/bluetooth-next/c/d10a75a2b47c
- [v2,4/5] Bluetooth: ISO: Fix not validating setsockopt user input
https://git.kernel.org/bluetooth/bluetooth-next/c/723cf24d84c1
- [v2,5/5] Bluetooth: hci_sock: Fix not validating setsockopt user input
https://git.kernel.org/bluetooth/bluetooth-next/c/f3ab06000608
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
