diff options
| author | 2025-04-03 17:16:55 +0000 | |
|---|---|---|
| committer | 2025-09-18 11:09:14 +0200 | |
| commit | 76f33e12e610bde76611bd013f5056e1b649bd16 (patch) | |
| tree | 211e34f248e9375ded72549b3cdbf680aa44f464 /floss/hcidoc | |
| parent | 4b73ee6039271ffbf71ebdc8c109fc98eac8e137 (diff) | |
[SP 2025-09-01] Fix use after free in acl_arbiterbanksia-dev
In SendPacketToPeer of acl_arbiter.cc, a buffer length is logged in one
case after an intermediate call may free the buffer, leading to use
after free.
Log instead from the buffer's source, which has not been freed at this
point in the code.
Bug: 406785684
Flag: EXEMPT obvious logic fix
Test: m libbluetooth
Test: researcher POC
Tag: #security
Change-Id: Idd13399c24399d01bcd668a4b779ef1980273691
(cherry picked from commit 243d7484e59730c522640b616445b2747b3062e5)
Diffstat (limited to 'floss/hcidoc')
0 files changed, 0 insertions, 0 deletions