Hello:
This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>:
On Sun, 10 Aug 2025 14:39:10 +0300 you wrote:
> setup_free() may re-enable the CIG update callback. If this occurs in
> bap_data_free(), the callback crashes with UAF.
>
> Fix by moving clearing the callback after all setups are freed.
> ---
> profiles/audio/bap.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
Here is the summary with links:
- [BlueZ] bap: remove bap_update_cigs callback properly whan data is freed
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=bf5ec167b66f
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
