CVE-2025-68298
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref
In btusb_mtk_setup(), we set btmtk_data->isopkt_intf to:
usb_ifnum_to_if(data->udev, MTK_ISO_IFNUM)
That function can return NULL in some cases. Even when it returns NULL, though, we still go on to call btusb_mtk_claim_iso_intf().
As of commit e9087e828827 ("Bluetooth: btusb: mediatek: Add locks for
usb_driver_claim_interface()"), calling btusb_mtk_claim_iso_intf()
when btmtk_data->isopkt_intf is NULL will cause a crash because
we'll end up passing a bad pointer to device_lock(). Prior to that
commit we'd pass the NULL pointer directly to
usb_driver_claim_interface() which would detect it and return an
error, which was handled.
Resolve the crash in btusb_mtk_claim_iso_intf() by adding a NULL check
at the start of the function. This makes the code handle a NULL
btmtk_data->isopkt_intf the same way it did before the problematic
commit (just with a slight change to the error message printed).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 930e1790b99e5839e1af69d2f7fd808f1fba2df9 < 2fa09fe98ca3b114d66285f65f7e108fea131815 | affected |
| Linux | Linux | e9087e828827e5a5c85e124ce77503f2b81c3491 < c3b990e0b23068da65f0004cd38ee31f43f36460 | affected |
| Linux | Linux | e9087e828827e5a5c85e124ce77503f2b81c3491 < c884a0b27b4586e607431d86a1aa0bb4fb39169c | affected |
| Linux | Linux | 4194766ec8756f4f654d595ae49962acbac49490 | affected |
| Linux | Linux | 6.12.13 < 6.12.61 | affected |
| Linux | Linux | 6.13.2 < 6.14 | affected |
| Linux | Linux | 6.14 | affected |
| Linux | Linux | 0 < 6.14 | unaffected |
| Linux | Linux | 6.12.61 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.11 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/2fa09fe98ca3b114d66285f65f7e108fea131815
- https://git.kernel.org/stable/c/c3b990e0b23068da65f0004cd38ee31f43f36460
- https://git.kernel.org/stable/c/c884a0b27b4586e607431d86a1aa0bb4fb39169c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.