[SRU Xenial, Bionic 0/1] CVE-2023-40283

Cengiz Can cengiz.can at canonical.com
Mon Aug 28 15:57:48 UTC 2023


[Impact]
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in
the Linux kernel before 6.4.10. There is a use-after-free because the children
of an sk are mishandled.

[Fix]
Cherry picked from upstream.

[Test case]
Compile, boot and l2test tested with dual bluetooth adapters. 

[Potential regression]
Low regression potential.

Sungwoo Kim (1):
  Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

 net/bluetooth/l2cap_sock.c | 2 ++
 1 file changed, 2 insertions(+)

-- 
2.39.2




More information about the kernel-team mailing list