[PATCH] Bluetooth: btmtk: accept too short WMT FUNC_CTRL events
patchwork-bot+bluetooth at kernel.org
patchwork-bot+bluetooth at kernel.org
Mon May 11 07:30:04 PDT 2026
Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz at intel.com>:
On Fri, 24 Apr 2026 22:24:29 +0300 you wrote:
> MT7925 (USB ID 0e8d:e025) on fw version 20260106153314 sends WMT
> FUNC_CTRL events that are missing the status field.
>
> Prior to commit 006b9943b982 ("Bluetooth: btmtk: validate WMT event SKB
> length before struct access") the status was read from out-of-bounds of
> SKB data, which usually would result to success with
> BTMTK_WMT_ON_UNDONE, although I don't know the intent here. The bounds
> check added in that commit returns with error instead, producing
> "Bluetooth: hci0: Failed to send wmt func ctrl (-22)" and makes the
> device unusable.
>
> [...]
Here is the summary with links:
- Bluetooth: btmtk: accept too short WMT FUNC_CTRL events
https://git.kernel.org/bluetooth/bluetooth-next/c/162b1adeb057
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
More information about the Linux-mediatek
mailing list