Re: [PATCH net] Bluetooth: ISO: drop ISO_END frames received without prior ISO_START

Next message: Sanjay Chitroda: "[PATCH v8 01/12] iio: ssp_sensors: cancel delayed work_refresh on remove"
Previous message: Konstantin Shabanov: "[PATCH v2 3/4] arm64: dts: qcom: Add HONOR MagicBook Art 14 device tree"
In reply to: David Carlier: "[PATCH net] Bluetooth: ISO: drop ISO_END frames received without prior ISO_START"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: patchwork-bot+bluetooth

Date: Fri May 15 2026 - 13:45:45 EST

Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>:

On Fri, 15 May 2026 07:25:25 +0100 you wrote:
> ISO data PDUs carry a packet-boundary flag indicating START, CONT, END
> or SINGLE. The ISO_CONT branch of iso_recv() guards against a missing
> ISO_START by checking conn->rx_len before touching conn->rx_skb, but
> ISO_END does not.
>
> If a peer sends an ISO_END as the first packet on a fresh ISO
> connection, conn->rx_skb is still NULL and conn->rx_len is zero, so
> skb_put(conn->rx_skb, ...) dereferences NULL and oopses. For BIS,
> where receivers sync to a broadcaster without pairing, any broadcaster
> on the air can trigger this.
>
> [...]

Here is the summary with links:
- [net] Bluetooth: ISO: drop ISO_END frames received without prior ISO_START
https://git.kernel.org/bluetooth/bluetooth-next/c/6aba94a49bc9

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html