2021-07-01 21:08:22

by Peilin Ye

Subject: Re: maybe similar bug exists for HCI_EV_INQUIRY_RESULT* like [Linux-kernel-mentees] [PATCH v2] net/bluetooth: slab-out-of-bounds read in hci_extended_inquiry_result_evt()

On Thu, Jul 01, 2021 at 06:39:36PM +0300, Alexander Larkin wrote:
> For the net/bluetooth/hci_event.c, maybe a similar bug could be inside
> hci_inquiry_result_with_rssi_evt() that is HCI_EV_INQUIRY_RESULT_WITH_RSSI
> and inside hci_inquiry_result_evt() that is HCI_EV_INQUIRY_RESULT.

Hi Alexander,

Thanks for looking into this. I believe they were handled in commit
629b49c848ee ("Bluetooth: Prevent out-of-bounds read in
hci_inquiry_result_with_rssi_evt()") and commit 75bbd2ea50ba ("Bluetooth:
Prevent out-of-bounds read in hci_inquiry_result_evt()").

Thanks,
Peilin Ye