Re: [Linux-kernel-mentees] [PATCH net v2] Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()

2020-11-10 Thread Peilin Ye
On Mon, Nov 09, 2020 at 01:16:53PM +0100, Marcel Holtmann wrote:
> Hi Peilin,
>
> > `num_reports` is not being properly checked. A malformed event packet with
> > a large `num_reports` number makes hci_le_direct_adv_report_evt() read out
> > of bounds. Fix it.
> >
> > Cc: sta...@vger.kernel.org

Re: [Linux-kernel-mentees] [PATCH net v2] Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()

2020-11-09 Thread Marcel Holtmann
Hi Peilin,

> `num_reports` is not being properly checked. A malformed event packet with
> a large `num_reports` number makes hci_le_direct_adv_report_evt() read out
> of bounds. Fix it.
>
> Cc: sta...@vger.kernel.org
> Fixes: 2f010b55884e ("Bluetooth: Add support for handling LE Direct
>

[Linux-kernel-mentees] [PATCH net v2] Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()

2020-09-09 Thread Peilin Ye
`num_reports` is not being properly checked. A malformed event packet with a large `num_reports` number makes hci_le_direct_adv_report_evt() read out of bounds. Fix it.

Cc: sta...@vger.kernel.org
Fixes: 2f010b55884e ("Bluetooth: Add support for handling LE Direct Advertising Report events")