CVE-2024-53238
Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 27/12/2024
Last modified: 01/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btmtk: adjust the position to init iso data anchor

MediaTek iso data anchor init should be moved to where MediaTek
claims iso data interface.
If there is an unexpected BT usb disconnect during setup flow,
it will cause a NULL pointer crash issue when releasing iso
anchor since the anchor wasn't been init yet. Adjust the position
to do iso data anchor init.

[ 17.137991] pc : usb_kill_anchored_urbs+0x60/0x168
[ 17.137998] lr : usb_kill_anchored_urbs+0x44/0x168
[ 17.137999] sp : ffffffc0890cb5f0
[ 17.138000] x29: ffffffc0890cb5f0 x28: ffffff80bb6c2e80
[ 17.144081] gpio gpiochip0: registered chardev handle for 1 lines
[ 17.148421] x27: 0000000000000000
[ 17.148422] x26: ffffffd301ff4298 x25: 0000000000000003 x24: 00000000000000f0
[ 17.148424] x23: 0000000000000000 x22: 00000000ffffffff x21: 0000000000000001
[ 17.148425] x20: ffffffffffffffd8 x19: ffffff80c0f25560 x18: 0000000000000000
[ 17.148427] x17: ffffffd33864e408 x16: ffffffd33808f7c8 x15: 0000000000200000
[ 17.232789] x14: e0cd73cf80ffffff x13: 50f2137c0a0338c9 x12: 0000000000000001
[ 17.239912] x11: 0000000080150011 x10: 0000000000000002 x9 : 0000000000000001
[ 17.247035] x8 : 0000000000000000 x7 : 0000000000008080 x6 : 8080000000000000
[ 17.254158] x5 : ffffffd33808ebc0 x4 : fffffffe033dcf20 x3 : 0000000080150011
[ 17.261281] x2 : ffffff8087a91400 x1 : 0000000000000000 x0 : ffffff80c0f25588
[ 17.268404] Call trace:
[ 17.270841] usb_kill_anchored_urbs+0x60/0x168
[ 17.275274] btusb_mtk_release_iso_intf+0x2c/0xd8 [btusb (HASH:5afe 6)]
[ 17.284226] btusb_mtk_disconnect+0x14/0x28 [btusb (HASH:5afe 6)]
[ 17.292652] btusb_disconnect+0x70/0x140 [btusb (HASH:5afe 6)]
[ 17.300818] usb_unbind_interface+0xc4/0x240
[ 17.305079] device_release_driver_internal+0x18c/0x258
[ 17.310296] device_release_driver+0x1c/0x30
[ 17.314557] bus_remove_device+0x140/0x160
[ 17.318643] device_del+0x1c0/0x330
[ 17.322121] usb_disable_device+0x80/0x180
[ 17.326207] usb_disconnect+0xec/0x300
[ 17.329948] hub_quiesce+0x80/0xd0
[ 17.333339] hub_disconnect+0x44/0x190
[ 17.337078] usb_unbind_interface+0xc4/0x240
[ 17.341337] device_release_driver_internal+0x18c/0x258
[ 17.346551] device_release_driver+0x1c/0x30
[ 17.350810] usb_driver_release_interface+0x70/0x88
[ 17.355677] proc_ioctl+0x13c/0x228
[ 17.359157] proc_ioctl_default+0x50/0x80
[ 17.363155] usbdev_ioctl+0x830/0xd08
[ 17.366808] __arm64_sys_ioctl+0x94/0xd0
[ 17.370723] invoke_syscall+0x6c/0xf8
[ 17.374377] el0_svc_common+0x84/0xe0
[ 17.378030] do_el0_svc+0x20/0x30
[ 17.381334] el0_svc+0x34/0x60
[ 17.384382] el0t_64_sync_handler+0x88/0xf0
[ 17.388554] el0t_64_sync+0x180/0x188
[ 17.392208] Code: f9400677 f100a2f4 54fffea0 d503201f (b8350288)
[ 17.398289] ---[ end trace 0000000000000000 ]---
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.11 (including) | 6.11.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.12 (including) | 6.12.2 (excluding) |