Acknowledged
Created: Dec 16, 2025
Updated: Dec 18, 2025
Found In Version: 10.25.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref[EOL][EOL]In btusb_mtk_setup(), we set `btmtk_data->isopkt_intf` to:[EOL] usb_ifnum_to_if(data->udev, MTK_ISO_IFNUM)[EOL][EOL]That function can return NULL in some cases. Even when it returns[EOL]NULL, though, we still go on to call btusb_mtk_claim_iso_intf().[EOL][EOL]As of commit e9087e828827 ("Bluetooth: btusb: mediatek: Add locks for[EOL]usb_driver_claim_interface()"), calling btusb_mtk_claim_iso_intf()[EOL]when `btmtk_data->isopkt_intf` is NULL will cause a crash because[EOL]we'll end up passing a bad pointer to device_lock(). Prior to that[EOL]commit we'd pass the NULL pointer directly to[EOL]usb_driver_claim_interface() which would detect it and return an[EOL]error, which was handled.[EOL][EOL]Resolve the crash in btusb_mtk_claim_iso_intf() by adding a NULL check[EOL]at the start of the function. This makes the code handle a NULL[EOL]`btmtk_data->isopkt_intf` the same way it did before the problematic[EOL]commit (just with a slight change to the error message printed).
