CVE-2025-68298

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref<br /> <br /> In btusb_mtk_setup(), we set `btmtk_data-&gt;isopkt_intf` to:<br /> usb_ifnum_to_if(data-&gt;udev, MTK_ISO_IFNUM)<br /> <br /> That function can return NULL in some cases. Even when it returns<br /> NULL, though, we still go on to call btusb_mtk_claim_iso_intf().<br /> <br /> As of commit e9087e828827 ("Bluetooth: btusb: mediatek: Add locks for<br /> usb_driver_claim_interface()"), calling btusb_mtk_claim_iso_intf()<br /> when `btmtk_data-&gt;isopkt_intf` is NULL will cause a crash because<br /> we&amp;#39;ll end up passing a bad pointer to device_lock(). Prior to that<br /> commit we&amp;#39;d pass the NULL pointer directly to<br /> usb_driver_claim_interface() which would detect it and return an<br /> error, which was handled.<br /> <br /> Resolve the crash in btusb_mtk_claim_iso_intf() by adding a NULL check<br /> at the start of the function. This makes the code handle a NULL<br /> `btmtk_data-&gt;isopkt_intf` the same way it did before the problematic<br /> commit (just with a slight change to the error message printed).