Re: Linux 4.19.0-rc3 Bluetooth out-of-bounds-read and use-after-free

[Greg KH <greg () kroah com>]

On Wed, Oct 31, 2018 at 03:11:38PM +0100, Solar Designer wrote:
> As you can see below, in one message the sender offered to coordinate
> with security@k.o and asked for a CVE ID.  However, this was in response
> to my questions about those aspects as it relates to the sender's other
> message, and I don't know whether the sender actually proceeded to
> coordinate with security@k.o (I tried asking the sender and got no
> response) and no CVE ID was assigned by distros (since the sender also
> didn't respond to my inquiry about security relevance).

security@k.o generally tells all people who submit syzbot reports to
just contact the upstream developers on their mailing list for issues
reported by that tool, as that is what the tool's team does.

And I think we did that for this report as well, but never heard
anything back :(

thanks,

greg k-h