|
general protection fault in btintel_read_version
bluetooth
|
C |
error |
|
5 |
79d |
89d
|
26/26 |
6d06h |
b79e04091010
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
|
|
KASAN: slab-use-after-free Write in __hci_acl_create_connection_sync
bluetooth
|
C |
done |
|
87 |
56d |
68d
|
26/26 |
6d06h |
5f641f03abcc
Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync
|
|
memory leak in corrupted
bluetooth
|
syz |
|
|
536 |
19d |
91d
|
26/26 |
18d |
0a186b49bba5
batman-adv: mcast: fix memory leak on deleting a batman-adv interface
|
|
KASAN: null-ptr-deref Read in ida_free (4)
bluetooth
|
C |
done |
done |
29 |
114d |
153d
|
26/26 |
61d |
af73483f4e8b
ida: Fix crash in ida_free when the bitmap is empty
|
|
possible deadlock in hci_rfkill_set_block
bluetooth
|
C |
done |
|
3391 |
102d |
175d
|
26/26 |
71d |
769bf60e17ee
Bluetooth: Fix deadlock in vhci_send_frame
|
|
KASAN: slab-out-of-bounds Read in create_monitor_event
bluetooth
|
C |
done |
|
952 |
175d |
189d
|
25/26 |
117d |
18f547f3fc07
Bluetooth: hci_sock: fix slab oob read in create_monitor_event
|
|
BUG: sleeping function called from invalid context in __hci_cmd_sync_sk
bluetooth
|
C |
done |
|
34 |
186d |
303d
|
25/26 |
117d |
acab8ff29a2a
Bluetooth: ISO: Fix invalid context error
|
|
general protection fault in sco_conn_add
bluetooth
|
C |
done |
|
4 |
272d |
282d
|
23/26 |
186d |
b4066eb04bb6
Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link
|
|
KASAN: slab-use-after-free Write in sco_chan_del
bluetooth
|
C |
done |
|
19 |
202d |
336d
|
23/26 |
186d |
3344d318337d
Bluetooth: hci_conn: fail SCO/ISO via hci_conn_failed if ACL gone early
|
|
INFO: rcu detected stall in hci_cmd_timeout
bluetooth
|
|
|
|
1 |
249d |
249d
|
23/26 |
186d |
8c21ab1bae94
net/sched: fq_pie: avoid stalls in fq_pie_timer()
|
|
KASAN: slab-use-after-free Read in hci_conn_del
bluetooth
|
|
|
|
7 |
326d |
350d
|
22/26 |
289d |
ca1fd42e7dbf
Bluetooth: Fix potential double free caused by hci_conn_unlink
|
|
possible deadlock in sco_conn_del
bluetooth
|
C |
done |
done |
279 |
336d |
739d
|
22/26 |
289d |
a2ac591cb4d8
Bluetooth: Fix UAF in hci_conn_hash_flush again
|
|
KASAN: slab-use-after-free Read in hci_conn_hash_flush
bluetooth
|
C |
error |
|
3511 |
315d |
409d
|
22/26 |
289d |
a2ac591cb4d8
Bluetooth: Fix UAF in hci_conn_hash_flush again
ca1fd42e7dbf
Bluetooth: Fix potential double free caused by hci_conn_unlink
|
|
INFO: task hung in rfcomm_process_sessions (2)
bluetooth
|
C |
error |
done |
14 |
474d |
748d
|
22/26 |
312d |
1d80d57ffcb5
Bluetooth: Fix possible deadlock in rfcomm_sk_state_change
|
|
WARNING: bad unlock balance in l2cap_recv_frame
bluetooth
|
|
|
|
75 |
355d |
366d
|
22/26 |
312d |
25e97f7b1866
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
|
|
KASAN: use-after-free Read in mgmt_pending_remove
bluetooth
|
C |
unreliable |
|
9 |
588d |
607d
|
22/26 |
416d |
3cfbc6ac22d6
Bluetooth: hci_sync: fix double mgmt_pending_free() in remove_adv_monitor()
Bluetooth: hci_sync: fix double mgmt_pending_free() in remove_adv_monitor()
|
|
WARNING: ODEBUG bug in mgmt_index_removed
bluetooth
|
|
|
|
1 |
590d |
586d
|
22/26 |
416d |
f74ca25d6d66
Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev()
|
|
KASAN: use-after-free Write in sco_sock_timeout
bluetooth
|
C |
done |
|
272 |
691d |
963d
|
22/26 |
416d |
7aa1e7d15f8a
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
|
|
INFO: task hung in hci_dev_close_sync
bluetooth
|
C |
unreliable |
|
2366 |
558d |
713d
|
22/26 |
416d |
e36bea6e78ab
Bluetooth: core: Fix deadlock on hci_power_on_sync.
|
|
BUG: corrupted list in hci_conn_add_sysfs
bluetooth
|
C |
error |
done |
9 |
571d |
570d
|
22/26 |
416d |
448a496f7606
Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
|
|
WARNING: ODEBUG bug in __cancel_work
bluetooth
|
C |
inconclusive |
|
1 |
610d |
606d
|
22/26 |
416d |
2d2cb3066f2c
Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
|
|
upstream test error: WARNING: ODEBUG bug in mgmt_index_removed
bluetooth
|
|
|
|
551 |
613d |
621d
|
22/26 |
416d |
3f2893d3c142
Bluetooth: don't try to cancel uninitialized works at mgmt_index_removed()
|
|
memory leak in vhci_write
bluetooth
|
C |
|
|
1 |
608d |
604d
|
22/26 |
416d |
7c9524d92964
Bluetooth: L2CAP: Fix memory leak in vhci_write
|
|
INFO: trying to register non-static key in hci_uart_flush (2)
bluetooth
|
syz |
error |
error |
37 |
544d |
1686d
|
22/26 |
416d |
3124d320c22f
Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
|
|
WARNING: ODEBUG bug in bt_host_release
bluetooth
|
syz |
done |
done |
7 |
1099d |
1352d
|
22/26 |
574d |
e2cb6b891ad2
bluetooth: eliminate the potential race condition when removing the HCI controller
|
|
general protection fault in hci_inquiry_result_with_rssi_evt
bluetooth
|
C |
done |
|
17 |
830d |
855d
|
20/26 |
697d |
72279d17df54
Bluetooth: hci_event: Rework hci_inquiry_result_with_rssi_evt
|
|
KASAN: slab-out-of-bounds Read in add_adv_patterns_monitor
bluetooth
|
C |
error |
done |
5 |
1153d |
1173d
|
20/26 |
704d |
b4a221ea8a1f
Bluetooth: advmon offload MSFT add rssi support
|
|
INFO: trying to register non-static key in l2cap_sock_teardown_cb
bluetooth
|
C |
done |
done |
88 |
897d |
1200d
|
20/26 |
769d |
1bff51ea59a9
Bluetooth: fix use-after-free error in lock_sock_nested()
|
|
KASAN: null-ptr-deref Write in l2cap_chan_put
bluetooth
|
syz |
done |
done |
7 |
901d |
1347d
|
20/26 |
769d |
1bff51ea59a9
Bluetooth: fix use-after-free error in lock_sock_nested()
|
|
memory leak in mgmt_cmd_complete
bluetooth
|
C |
|
|
3 |
965d |
1065d
|
20/26 |
769d |
709fca500067
Bluetooth: hci_sock: purge socket queues in the destruct() callback
|
|
KASAN: slab-out-of-bounds Read in hci_le_meta_evt (2)
bluetooth
|
C |
inconclusive |
|
2 |
898d |
897d
|
20/26 |
769d |
3a56ef719f0b
Bluetooth: stop proccessing malicious adv data
|
|
BUG: sleeping function called from invalid context in lock_sock_nested (2)
bluetooth
|
C |
done |
error |
19391 |
979d |
1514d
|
20/26 |
887d |
e04480920d1e
Bluetooth: defer cleanup of resources in hci_unregister_dev()
Bluetooth: defer cleanup of resources in hci_unregister_dev()
|
|
INFO: trying to register non-static key in l2cap_chan_del
bluetooth
|
syz |
inconclusive |
|
73 |
1131d |
1349d
|
20/26 |
888d |
3af70b39fa2d
Bluetooth: check for zapped sk before connecting
|
|
inconsistent lock state in sco_sock_timeout
bluetooth
|
C |
done |
|
16 |
993d |
1337d
|
20/26 |
888d |
ba316be1b6a0
Bluetooth: schedule SCO timeouts with delayed_work
|
|
general protection fault in hci_release_dev
bluetooth
|
C |
done |
|
41 |
967d |
988d
|
20/26 |
888d |
e04480920d1e
Bluetooth: defer cleanup of resources in hci_unregister_dev()
|
|
INFO: trying to register non-static key in skb_dequeue
bluetooth
|
C |
error |
|
28951 |
1073d |
1354d
|
20/26 |
888d |
be8597239379
Bluetooth: initialize skb_queue_head at l2cap_chan_create()
|
|
BUG: corrupted list in kobject_add_internal (3)
bluetooth
|
C |
inconclusive |
|
3 |
924d |
1028d
|
20/26 |
888d |
92fe24a7db75
Bluetooth: skip invalid hci_sync_conn_complete_evt
|
|
KASAN: use-after-free Read in hci_send_acl
bluetooth
|
C |
done |
|
2 |
1142d |
1352d
|
20/26 |
888d |
5c4c8c954409
Bluetooth: verify AMP hci_chan before amp_destroy
|
|
INFO: task hung in hci_req_sync
bluetooth
|
C |
inconclusive |
|
1 |
982d |
978d
|
20/26 |
888d |
f41a4b2b5eb7
Bluetooth: add timeout sanity check to hci_inquiry
|
|
KASAN: null-ptr-deref Write in amp_read_loc_assoc_final_data
bluetooth
|
C |
done |
|
185 |
1153d |
1354d
|
20/26 |
1102d |
e8bd76ede155
Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
|
|
KASAN: slab-out-of-bounds Read in hci_le_meta_evt
bluetooth
|
C |
error |
error |
45 |
1230d |
1351d
|
19/26 |
1133d |
f7e0e8b2f1b0
Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
|
|
memory leak in h5_rx_pkt_start
bluetooth
|
C |
|
|
5 |
1330d |
1673d
|
19/26 |
1133d |
70f259a3f427
Bluetooth: hci_h5: close serdev device and free hu in h5_close
855af2d74c87
Bluetooth: hci_h5: fix memory leak in h5_close
|
|
KASAN: use-after-free Write in __sco_sock_close
bluetooth
|
C |
done |
done |
10 |
1254d |
1352d
|
19/26 |
1133d |
6dfccd13db2f
Bluetooth: Fix null pointer dereference in hci_event_packet()
|
|
general protection fault in hci_event_packet
bluetooth
|
C |
done |
|
25 |
1299d |
1352d
|
19/26 |
1133d |
6dfccd13db2f
Bluetooth: Fix null pointer dereference in hci_event_packet()
|
|
BUG: corrupted list in kobject_add_internal
bluetooth
|
C |
done |
done |
9 |
1284d |
1347d
|
15/26 |
1246d |
a46b7ed4d52d
Bluetooth: Fix auto-creation of hci_conn at Conn Complete event
|
|
WARNING: refcount bug in do_enable_set
bluetooth
|
C |
inconclusive |
done |
8 |
1349d |
1459d
|
15/26 |
1246d |
b83764f9220a
Bluetooth: Fix kernel oops triggered by hci_adv_monitors_clear()
|
|
KASAN: use-after-free Write in refcount_warn_saturate
bluetooth
|
C |
inconclusive |
done |
2 |
1350d |
1509d
|
15/26 |
1246d |
b83764f9220a
Bluetooth: Fix kernel oops triggered by hci_adv_monitors_clear()
|
|
memory leak in read_adv_mon_features
bluetooth
|
C |
|
|
2 |
1316d |
1339d
|
15/26 |
1246d |
cafd472a10ff
Bluetooth: Fix memory leak in read_adv_mon_features()
|
|
KASAN: slab-out-of-bounds Read in hci_extended_inquiry_result_evt
bluetooth
|
C |
|
|
16 |
1350d |
1378d
|
15/26 |
1307d |
51c19bf3d5cf
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
|
|
KASAN: slab-out-of-bounds Read in hci_inquiry_result_with_rssi_evt
bluetooth
|
C |
error |
|
9 |
1352d |
1372d
|
15/26 |
1307d |
629b49c848ee
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
|
|
WARNING: ODEBUG bug in rfcomm_dev_ioctl
bluetooth
|
|
|
|
1 |
1501d |
1501d
|
15/26 |
1436d |
71811cac8532
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
|
|
linux-next test error: KASAN: use-after-free Read in l2cap_sock_release
bluetooth
|
|
|
|
12 |
1531d |
1533d
|
15/26 |
1436d |
2a154903cec2
Bluetooth: prefetch channel before killing sock
|
|
KASAN: use-after-free Write in hci_sock_bind
bluetooth
|
|
|
|
4 |
1520d |
1553d
|
15/26 |
1518d |
11eb85ec42dc
Bluetooth: Fix race condition in hci_release_sock()
|
|
KMSAN: use-after-free in kfree_skb
bluetooth
|
syz |
|
|
34 |
1603d |
1651d
|
15/26 |
1586d |
cf94da6f502d
Bluetooth: Fix invalid-free in bcsp_close()
|
|
KMSAN: use-after-free in skb_dequeue
bluetooth
|
C |
|
|
1 |
1646d |
1646d
|
15/26 |
1586d |
cf94da6f502d
Bluetooth: Fix invalid-free in bcsp_close()
|
|
KASAN: invalid-free in skb_free_head
bluetooth
|
C |
done |
|
1 |
1627d |
1627d
|
15/26 |
1586d |
cf94da6f502d
Bluetooth: Fix invalid-free in bcsp_close()
|
|
general protection fault in qca_setup
bluetooth
|
C |
done |
done |
6 |
1890d |
1890d
|
13/26 |
1619d |
b36a1552d731
Bluetooth: hci_uart: check for missing tty operations
|
|
BUG: unable to handle kernel NULL pointer dereference in hci_uart_set_flow_control
bluetooth
|
C |
done |
|
7 |
1852d |
1852d
|
12/26 |
1707d |
b36a1552d731
Bluetooth: hci_uart: check for missing tty operations
|
|
memory leak in bcsp_recv
bluetooth
|
C |
|
|
3 |
1760d |
1787d
|
12/26 |
1715d |
4ce9146e0370
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
|
|
WARNING in lockdep_unregister_key
bluetooth
|
C |
done |
|
214 |
1848d |
1862d
|
11/26 |
1841d |
82efcab3b9f3
workqueue: Only unregister a registered lockdep key
|
|
general protection fault in hci_uart_write_work
bluetooth
|
C |
|
|
84 |
1869d |
1918d
|
11/26 |
1845d |
32a7b4cbe93b
Bluetooth: hci_ldisc: Initialize hci_dev before open()
|
|
KASAN: use-after-free Read in h5_reset_rx
bluetooth
|
|
|
|
2 |
1876d |
1882d
|
11/26 |
1845d |
56897b217a1d
Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto()
|
|
BUG: unable to handle kernel paging request in h4_recv_buf
bluetooth
|
C |
|
|
203 |
1869d |
1931d
|
11/26 |
1845d |
1dc2d785156c
Bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf()
|