APPLIED: [SRU][N][PATCH 0/1] CVE-2024-50148
Koichiro Den
koichiro.den at canonical.com
Fri Feb 7 04:08:59 UTC 2025
On Wed, Jan 22, 2025 at 10:52:30PM GMT, Massimiliano Pellizzer wrote:
> [Impact]
>
> Bluetooth: bnep: fix wild-memory-access in proto_unregister
>
> There's an issue as follows:
> KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f]
> CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W
> RIP: 0010:proto_unregister+0xee/0x400
> Call Trace:
> <TASK>
> __do_sys_delete_module+0x318/0x580
> do_syscall_64+0xc1/0x1d0
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> bnep_init() ignores bnep_sock_init()'s return value, and bnep_sock_init()
> will clean up all resources. Then, when the bnep module is removed,
> bnep_sock_cleanup() is called to clean up the sock's resources.
> To solve the above issue, just return bnep_sock_init()'s return value in
> bnep_exit().
>
> [Fix]
>
> Oracular: Fixed via upstream stable updates (95df8ca962fbb0)
> Noble: Clean cherry pick from mainline
> Jammy: Fixed via upstream stable updates (1e95961320e711)
> Focal: Fixed via upstream stable updates (84e3d4d674f693)
> Bionic: Sent to ESM ML
> Xenial: Sent to ESM ML
> Trusty: Not affected
>
> [Test Case]
>
> Compile and boot tested.
> Successfully loaded and unloaded the kernel module bnep.
>
> [Where problems could occur]
>
> A regression here is unlikely due to the very limited scope of the
> patch.
>
> Ye Bin (1):
> Bluetooth: bnep: fix wild-memory-access in proto_unregister
>
> net/bluetooth/bnep/core.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
Applied to noble:linux master-next branch. Thanks!
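
Added example, not part of the original thread or of the kernel patch: a user-space C model of the failure the quoted commit message describes, where an init path drops the error from a sub-init that already cleaned up after itself, so the unload path unregisters the same entry a second time. All names (reg_add, reg_del, model_*, poison_mark) are hypothetical, and a sentinel check stands in for the faulting access that KASAN reported.

```c
#include <stdbool.h>
#include <stdio.h>

struct entry { struct entry *next, *prev; };
static struct entry poison_mark;                 /* stand-in for list poison values */
static struct entry registry = { &registry, &registry };
static struct entry sock_proto;                  /* models the registered proto */

static void reg_add(struct entry *e)
{
    e->next = registry.next; e->prev = &registry;
    registry.next->prev = e; registry.next = e;
}

/* Unlink and poison; returns false where the real code would fault. */
static bool reg_del(struct entry *e)
{
    if (e->next == &poison_mark || e->prev == &poison_mark)
        return false;                            /* already unregistered */
    e->next->prev = e->prev; e->prev->next = e->next;
    e->next = e->prev = &poison_mark;
    return true;
}

/* Models bnep_sock_init(): on failure it undoes its own registration. */
static int model_sock_init(bool fail)
{
    reg_add(&sock_proto);
    if (fail) { reg_del(&sock_proto); return -1; }
    return 0;
}

/* Before the fix: result dropped, so the module counts as loaded. */
static int model_init_buggy(bool fail) { model_sock_init(fail); return 0; }
/* After the fix: the error is returned and the load fails. */
static int model_init_fixed(bool fail) { return model_sock_init(fail); }

/* Load then unload; true if unload touched an already-removed entry. */
static bool unload_hits_poison(int (*init)(bool), bool fail)
{
    if (init(fail) != 0)
        return false;                            /* failed load: exit never runs */
    return !reg_del(&sock_proto);                /* models bnep_sock_cleanup() */
}

int main(void)
{
    printf("buggy init: %d\n", unload_hits_poison(model_init_buggy, true));
    printf("fixed init: %d\n", unload_hits_poison(model_init_fixed, true));
    return 0;
}
```
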