Re: [PATCH] Bluetooth: avoid page fault from sco_send_frame()


 



On Mon, 11 Oct 2021 09:00:00 +0200,
Salvatore Bonaccorso wrote:
> 
> Hi,
> 
> On Sat, Sep 04, 2021 at 11:02:58AM +0900, Tetsuo Handa wrote:
> > Commit 99c23da0eed4fd20 ("Bluetooth: sco: Fix lock_sock() blockage
> > by memcpy_from_msg()") in linux-next.git should be sent to linux.git
> > now as a mitigation for CVE-2021-3640.
> > 
> > But I think "[PATCH v3 3/4] Bluetooth: SCO: Replace use of
> > memcpy_from_msg with bt_skb_sendmsg" still contains a bug.
> 
> Did this one fall through the cracks? I'm confused about the statement
> in https://bugzilla.suse.com/show_bug.cgi?id=1188172#c8 so Cc'ing
> Takashi Iwai as well.

A quite similar fix is already in the subsystem tree,
commit 99c23da0eed4 ("Bluetooth: sco: Fix lock_sock() blockage by
memcpy_from_msg()").  The particular CVE should be covered by that and
prerequisite patches.


Takashi


