Hi Luiz, > hci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag has > been set as that means hci_unregister_dev has been called so it will > likely cause a uaf after the timeout as the hdev will be freed. > > Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> > --- > net/bluetooth/hci_sync.c | 3 +++ > 1 file changed, 3 insertions(+) patch has been applied to bluetooth-next tree. Regards Marcel
