[SRU][N][PATCH 2/2] Bluetooth: MGMT: Fix sparse errors
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Thu Oct 2 12:38:45 UTC 2025
From: Luiz Augusto von Dentz <luiz.von.dentz at intel.com>
This fixes the following errors:
net/bluetooth/mgmt.c:5400:59: sparse: sparse: incorrect type in argument 3
(different base types) @@ expected unsigned short [usertype] handle @@
got restricted __le16 [usertype] monitor_handle @@
net/bluetooth/mgmt.c:5400:59: sparse: expected unsigned short [usertype] handle
net/bluetooth/mgmt.c:5400:59: sparse: got restricted __le16 [usertype] monitor_handle
Fixes: e6ed54e86aae ("Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete")
Reported-by: kernel test robot <lkp at intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202506060347.ux2O1p7L-lkp@intel.com/
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz at intel.com>
(cherry picked from commit 7dd38ba4acbea9875b4ee061e20a26413e39d9f4)
CVE-2025-38118
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com>
---
net/bluetooth/mgmt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 381dc191e2488..e2e94c237a793 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -5167,11 +5167,11 @@ static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
}
static void mgmt_adv_monitor_removed(struct sock *sk, struct hci_dev *hdev,
- u16 handle)
+ __le16 handle)
{
struct mgmt_ev_adv_monitor_removed ev;
- ev.monitor_handle = cpu_to_le16(handle);
+ ev.monitor_handle = handle;
mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk);
}
--
2.48.1
More information about the kernel-team
mailing list