Bluetooth: use correct lock to prevent UAF of hdev object
The hci_sock_dev_event() function will cleanup the hdev object for sockets even if this object may still be in used within the hci_sock_bound_ioctl() function, result in UAF vulnerability. This patch replace the BH context lock to serialize these affairs and prevent the race condition. Signed-off-by: NLin Ma <linma@zju.edu.cn> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
Showing
想要评论请 注册 或 登录