References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_qca: Use del_timer_sync() before freeing

While looking at a crash report on a timer list being corrupted, which
usually happens when a timer is freed while still active. This is
commonly triggered by code calling del_timer() instead of
del_timer_sync() just before freeing.

One possible culprit is the hci_qca driver, which does exactly that.

Eric mentioned that wake_retrans_timer could be rearmed via the work
q

https://git.kernel.org/stable/c/2717654ae022e6ea959a4b7b762702fe1a4690c2

https://git.kernel.org/stable/c/37d17f63d085d601011964ade7371aeebeb6ed4b

https://git.kernel.org/stable/c/4989bb03342941f2b730b37dfa38bce27b543661

https://git.kernel.org/stable/c/72ef98445aca568a81c2da050532500a8345ad3a

https://git.kernel.org/stable/c/db03727b4bbbbb36e6ef4cb655c670eefb6448e9