Linux Kernel Bluetooth L2CAP Null Pointer Dereference Vulnerability

A null pointer dereference vulnerability has been identified in the Bluetooth L2CAP implementation of the Linux kernel. This issue arises in the 'l2cap_sock_new_connection_cb()' function, where a missing null check can lead to a dereference of a null pointer. The vulnerability has been addressed by adding a null guard, similar to those already present in the 'l2cap_sock_resume_cb()' and 'l2cap_sock_ready_cb()' functions.

Impact

Exploitation of this vulnerability can lead to a null pointer dereference, causing a crash or undefined behavior in the application.

Reproduction

The vulnerability can be reproduced by invoking the 'l2cap_sock_new_connection_cb()' function with a 'chan' parameter that has a null 'data' field. This can be done by creating an L2CAP channel operation that does not properly initialize the 'data' field before the callback is called.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.