On 2021/09/03 12:48, Luiz Augusto von Dentz wrote:
> There is a set already handling this sort of problem:
>
> https://patchwork.kernel.org/project/bluetooth/patch/20210901002621.414016-3-luiz.dentz@xxxxxxxxx/

OK, I didn't know that. (I'm not subscribed to bluetooth ML.)

But can we please keep the fix minimal? Multiple distributors have been waiting for the fix (which can be backported) for more than one month.

https://security-tracker.debian.org/tracker/CVE-2021-3640
https://access.redhat.com/security/cve/cve-2021-3640

And it looks to me that your "[3/4] Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg" contains a new use-after-free or memory corruption bug... :-(