On Wed, Feb 01, 2023 at 12:24:56PM +0200, Ovidiu Panait wrote: > From: Soenke Huster <soenke.huster@xxxxxxxxx> > > commit 3afee2118132e93e5f6fa636dfde86201a860ab3 upstream. > > This event is just specified for SCO and eSCO link types. > On the reception of a HCI_Synchronous_Connection_Complete for a BDADDR > of an existing LE connection, LE link type and a status that triggers the > second case of the packet processing a NULL pointer dereference happens, > as conn->link is NULL. > > Signed-off-by: Soenke Huster <soenke.huster@xxxxxxxxx> > Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> > Signed-off-by: Ovidiu Panait <ovidiu.panait@xxxxxxxxxxxxxxxxx> > --- > This fixes "BUG: KASAN: use-after-free in sco_chan_del()" issue detected while > fuzzing with syzkaller. Now queued up, thanks. greg k-h
