Re: Linux: Race can lead to UAF in net/bluetooth/sco.c: sco_sock_connect()



has solved the UAF. The introduction of a kref object ensures the dangling sco_conn object being freed in the function sco_conn_del when the asynchronous hci event thread is invoked, which stops the subsequent exploit chain. I'm not sure if this commit is related to the email I sent, because I sent the first email to security () kernel org on November 14th, and the commit was on November 15th.
