2025-07-03 08:35:33
Linux
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands In mgmt_hci_cmd_sync(), check whether the size of parameters passed in struct mgmt_cp_hci_cmd_sync matches the total size of the data (i.e. sizeof(struct mgmt_cp_hci_cmd_sync) plus trailing bytes). Otherwise, large invalid params_len will cause hci_cmd_sync_alloc() to do skb_put_data() from an area beyond the one actually passed to mgmt_hci_cmd_sync().