CVE-2011-2492

Current Description

The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.

Basic Data

Published: July 28, 2011
Last Modified: July 31, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-200
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 1.9
Severity: LOW
Exploitability Score: 3.4
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
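    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Linux | Linux Kernel | * | * | * | * | * | * | * | * | 3.0
    2.3 | OS | Linux | Linux Kernel | 3.0 | - | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 3.0 | rc1 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 3.0 | rc2 | * | * | * | * | * | *
    2.3 | OS | Linux | Linux Kernel | 3.0 | rc3 | * | * | * | * | * | *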
  • OR - Configuration 2
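    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Redhat | Enterprise Linux Aus | 5.6 | * | * | * | * | * | * | *
    2.3 | OS | Redhat | Enterprise Linux Desktop | 5.0 | * | * | * | * | * | * | *
    2.3 | OS | Redhat | Enterprise Linux Eus | 5.6 | * | * | * | * | * | * | *
    2.3 | OS | Redhat | Enterprise Linux Server | 5.0 | * | * | * | * | * | * | *
    2.3 | OS | Redhat | Enterprise Linux Workstation | 5.0 | * | * | * | * | * | * | *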

Vulnerable Software List

Vendor | Product | Versions
Redhat | Enterprise Linux Workstation | 5.0
Redhat | Enterprise Linux Eus | 5.6
Redhat | Enterprise Linux Desktop | 5.0
Redhat | Enterprise Linux Aus | 5.6
Redhat | Enterprise Linux Server | 5.0
Linux | Linux Kernel | *, 3.0

References

Name | URL | Source | Tags
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d03e971cf403305217b8e62db3a2e5ad2d6263f | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d03e971cf403305217b8e62 | CONFIRM | Patch, Vendor Advisory
HPSBGN02970 | http://marc.info/?l=bugtraq&m=139447903326211&w=2 | HP | Third Party Advisory
[linux-bluetooth] 20110508 Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace. | http://permalink.gmane.org/gmane.linux.bluez.kernel/12909 | MLIST | Broken Link
RHSA-2011:0927 | http://rhn.redhat.com/errata/RHSA-2011-0927.html | REDHAT | Third Party Advisory
1025778 | http://securitytracker.com/id?1025778 | SECTRACK | Third Party Advisory, VDB Entry
http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4 | http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4 | CONFIRM | Broken Link
[oss-security] 20110624 CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace | http://www.openwall.com/lists/oss-security/2011/06/24/2 | MLIST | Mailing List, Patch, Third Party Advisory
[oss-security] 20110624 Re: CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace | http://www.openwall.com/lists/oss-security/2011/06/24/3 | MLIST | Mailing List, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=703019 | https://bugzilla.redhat.com/show_bug.cgi?id=703019 | CONFIRM | Issue Tracking, Patch, Third Party Advisory