Description: Bluetooth: hci_conn_cleanup function has double free
References:
 https://www.openwall.com/lists/oss-security/2023/03/28/2
 https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm@gmail.com/
 https://lore.kernel.org/linux-bluetooth/20230330220332.1035910-1-luiz.dentz@gmail.com/
Notes:
 bwh> Introduced in 6.3 by commit 0f00cd322d22 "Bluetooth: Free
 bwh> potentially unfreed SCO connection" and backported to 6.1.25.
 bwh> Since the fix was also backported in 6.1.25, neither sid nor
 bwh> 6.1-upstream-stable was ever affected.
 carnil> Upstream commit a85fb91e3d72 ("Bluetooth: Fix double free in
 carnil> hci_conn_cleanup") in 6.7-rc1 and backported to 6.6.3, 6.5.13,
 carnil> 6.1.64, 5.10.202 and 4.19.300 as well claim to fix the CVE.
 carnil> Unclear if this is a followup fix needed to completely fix the
 carnil> CVE, thus for now not considering it for tracking the fixed
 carnil> version. The fix will be pulled in the next round of updates
 carnil> anyway.
Bugs:
upstream: released (6.3-rc7) [5dc7d23e167e2882ef118456ceccd57873e876d8]
6.1-upstream-stable: released (6.1.25) [8c4b65f6c707bc07cbcd871667b5056821c5685d]
5.10-upstream-stable: N/A "Vulnerability introduced later"
4.19-upstream-stable: N/A "Vulnerability introduced later"
sid: N/A "Vulnerable code not present"
6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: N/A "Vulnerability introduced later"
4.19-buster-security: N/A "Vulnerability introduced later"