Upstream information
Description
In the Linux kernel, the following vulnerability has been resolved:Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating
The usage of rcu_read_(un)lock while inside list_for_each_entry_rcu is
not safe since for the most part entries fetched this way shall be
treated as rcu_dereference:
Note that the value returned by rcu_dereference() is valid
only within the enclosing RCU read-side critical section [1]_.
For example, the following is **not** legal::
rcu_read_lock();
p = rcu_dereference(head.next);
rcu_read_unlock();
x = p->address; /* BUG!!! */
rcu_read_lock();
y = p->data; /* BUG!!! */
rcu_read_unlock();
SUSE information
Overall state of this security issue: Does not affect SUSE products
SUSE Bugzilla entry: 1235532 [NEW] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Thu Jan 9 12:14:08 2025CVE page last modified: Thu Jan 9 12:14:08 2025