Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A use-after-free vulnerability has been addressed in the Bluetooth subsystem of the Linux kernel. This issue arose in the handling of connection parameters for isochronous groups, specifically within the 'set_cig_params_sync' function of the 'hci_conn' component. The vulnerability was caused by a lack of proper locking, which allowed the 'hci_conn' object to be concurrently modified or deleted while it was being accessed. To resolve this, the 'hci_dev_lock' has been introduced to ensure safe access to the connection object, preventing it from being freed or altered during critical operations.
Exploitation of this vulnerability could lead to a use-after-free condition, potentially allowing for arbitrary code execution or memory corruption.
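The locking discipline described above, as a userspace C model added here for illustration; it is not the kernel's code. A pthread mutex stands in for 'hci_dev_lock' and `struct conn` for the 'hci_conn' object, and every identifier in the block is hypothetical.

```c
/* Userspace model, constructed for illustration; all names are hypothetical. */
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_CONN 8
struct conn { uint8_t cig; uint16_t interval, latency; };
struct cig_params { uint16_t interval, latency; };
struct dev { pthread_mutex_t lock; struct conn *conns[MAX_CONN]; };

/* Caller must hold d->lock. cig < 0 returns the first free slot. */
static int slot_of(struct dev *d, int cig) {
    for (int i = 0; i < MAX_CONN; i++)
        if (cig < 0 ? !d->conns[i] : (d->conns[i] && d->conns[i]->cig == cig))
            return i;
    return -1;
}

int conn_add(struct dev *d, uint8_t cig, uint16_t interval, uint16_t latency) {
    struct conn *c = malloc(sizeof(*c));
    if (!c) return -1;
    *c = (struct conn){ cig, interval, latency };
    pthread_mutex_lock(&d->lock);
    int i = slot_of(d, -1);
    if (i >= 0) d->conns[i] = c;
    pthread_mutex_unlock(&d->lock);
    if (i < 0) free(c);
    return i < 0 ? -1 : 0;
}

/* Teardown path: unlink and free while holding the same lock. */
int conn_del(struct dev *d, uint8_t cig) {
    pthread_mutex_lock(&d->lock);
    int i = slot_of(d, cig);
    if (i >= 0) { free(d->conns[i]); d->conns[i] = NULL; }
    pthread_mutex_unlock(&d->lock);
    return i < 0 ? -1 : 0;
}

/* Deferred work: look the object up by id under the lock, copy what is
 * needed, and never dereference the object after unlocking. */
int cig_params_snapshot(struct dev *d, uint8_t cig, struct cig_params *out) {
    pthread_mutex_lock(&d->lock);
    int i = slot_of(d, cig);
    if (i >= 0)
        *out = (struct cig_params){ d->conns[i]->interval, d->conns[i]->latency };
    pthread_mutex_unlock(&d->lock);
    return i < 0 ? -1 : 0;
}
```

Because teardown and the deferred reader take the same lock, a reader that runs after `conn_del` gets a clean failure instead of a stale pointer.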