Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} Similar to commit d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put"), just use l2cap_chan_hold_unless_zero to prevent referencing a channel that is about to be destroyed.
Product status
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before f2d38e77aa5f3effc143e7dd24da8acf02925958
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 1351551aa9058e07a20a27a158270cf84fcde621
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before c02421992505c95c7f3c9ad59ee35e22eac60988
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before d9ba36c22a7bb09d6bac4cc2f243eff05da53f43
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before ac6725a634f7e8c0330610a8527f20c730b61115
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 348d446762e7c70778df8bafbdf3fa0df2123f58
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before d82a439c3cfdb28aa7e82e2e849c5c4dd9fca284
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before a2a9339e1c9deb7e1e079e12e27a0265aea8421a
4.14.313 (semver)
4.19.281 (semver)
5.4.241 (semver)
5.10.178 (semver)
5.15.108 (semver)
6.1.25 (semver)
6.2.12 (semver)
6.3 (original_commit_for_fix)
References
git.kernel.org/...c/f2d38e77aa5f3effc143e7dd24da8acf02925958
git.kernel.org/...c/1351551aa9058e07a20a27a158270cf84fcde621
git.kernel.org/...c/c02421992505c95c7f3c9ad59ee35e22eac60988
git.kernel.org/...c/d9ba36c22a7bb09d6bac4cc2f243eff05da53f43
git.kernel.org/...c/ac6725a634f7e8c0330610a8527f20c730b61115
git.kernel.org/...c/348d446762e7c70778df8bafbdf3fa0df2123f58
git.kernel.org/...c/d82a439c3cfdb28aa7e82e2e849c5c4dd9fca284
git.kernel.org/...c/a2a9339e1c9deb7e1e079e12e27a0265aea8421a
