CVE-2024-58009

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc<br /> <br /> A NULL sock pointer is passed into l2cap_sock_alloc() when it is called<br /> from l2cap_sock_new_connection_cb() and the error handling paths should<br /> also be aware of it.<br /> <br /> Seemingly a more elegant solution would be to swap bt_sock_alloc() and<br /> l2cap_chan_create() calls since they are not interdependent to that moment<br /> but then l2cap_chan_create() adds the soon to be deallocated and still<br /> dummy-initialized channel to the global list accessible by many L2CAP<br /> paths. The channel would be removed from the list in short period of time<br /> but be a bit more straight-forward here and just check for NULL instead of<br /> changing the order of function calls.<br /> <br /> Found by Linux Verification Center (linuxtesting.org) with SVACE static<br /> analysis tool.