[CVE-2011-2492] Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
Andy Whitcroft
apw at canonical.com
Fri Aug 5 10:48:55 UTC 2011
CVE-2011-2492
The bluetooth subsystem in the Linux kernel before 3.0-rc4
does not properly initialize certain data structures,
which allows local users to obtain potentially sensitive
information from kernel memory via a crafted getsockopt system
call, related to (1) the l2cap_sock_getsockopt_old function in
net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old
function in net/bluetooth/rfcomm/sock.c.

This fix has reached oneiric via upstream. Following this email is a
patch for hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4,
natty, and natty/ti-omap4. This patch is a simple backport from the
mainline commit and identical for all releases.

Proposing for hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4,
natty, and natty/ti-omap4.

-apw
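
The class of bug the advisory describes, modelled in user space as an added example (not part of the original email or of the kernel patch): a handler fills a stack struct field by field and copies the whole struct out, so any padding byte carries stale memory unless the struct is zeroed first. The struct layout, the field values and the 0xAA stale-memory marker are assumptions constructed for illustration, and zeroing is shown as the common remedy for this class of bug.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, modelled on a Bluetooth conninfo-style option struct:
 * 5 bytes of fields, padded to 6 so the uint16_t stays aligned. */
struct conninfo_model {
    uint16_t hci_handle;
    uint8_t  dev_class[3];
};

#define STALE 0xAA  /* constructed stand-in for leftover kernel stack data */

/* Models a getsockopt handler filling a stack struct that is then copied
 * out in full. `out` plays the stack slot and arrives holding stale bytes. */
static void fill_conninfo(unsigned char *out, int zero_first)
{
    uint16_t handle = 0x002a;                      /* constructed value */
    const uint8_t cls[3] = { 0x0c, 0x02, 0x5a };   /* constructed value */

    if (zero_first)
        memset(out, 0, sizeof(struct conninfo_model)); /* hardening step */
    /* Field-by-field stores never touch the padding byte. */
    memcpy(out + offsetof(struct conninfo_model, hci_handle),
           &handle, sizeof(handle));
    memcpy(out + offsetof(struct conninfo_model, dev_class),
           cls, sizeof(cls));
}

/* Returns how many bytes of the copied-out struct still hold stale data. */
static size_t stale_bytes_returned(int zero_first)
{
    unsigned char slot[sizeof(struct conninfo_model)];
    size_t i, n = 0;

    memset(slot, STALE, sizeof(slot));   /* simulate a dirty stack slot */
    fill_conninfo(slot, zero_first);
    for (i = 0; i < sizeof(slot); i++)   /* bytes a full-struct copy hands over */
        if (slot[i] == STALE)
            n++;
    return n;
}

int main(void)
{
    printf("sizeof=%zu leak_without_zeroing=%zu leak_with_zeroing=%zu\n",
           sizeof(struct conninfo_model),
           stale_bytes_returned(0), stale_bytes_returned(1));
    return 0;
}
```

When auditing similar handlers, compare `sizeof` of the struct against the sum of its field sizes; any difference is padding that a full-struct copy will expose.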