CVE-2011-2492

CWE-200Information Exposure18 documents7 sources
Severity
1.9LOW
EPSS
0.1%
top 82.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux Linux KernelRedhat Enterprise Linux AUSRedhat Enterprise Linux Desktop+3 more
Timeline
PublishedJul 28
Latest updateMay 13

Description

The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages11 packages

NVDlinux/linux_kernel< 3.0+1
Ubuntulinux< 3.11.0-12.19
Ubuntulinux-flo< 3.4.0-1.3
Ubuntulinux-mako< 3.4.0-3.21
Ubuntulinux-manta< 3.4.0-4.19

Also affects: Enterprise Linux 5.6

Patches

Patch: www.openwall.comPatch: www.openwall.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-hp8m-j8qg-prr2: The bluetooth subsystem in the Linux kernel before 32022-05-13
CVEList
CVE-2011-2492: The bluetooth subsystem in the Linux kernel before 32011-07-28
OSV
CVE-2011-2492: The bluetooth subsystem in the Linux kernel before 32011-07-28

📋Vendor Advisories

13
Ubuntu
Linux kernel (Natty backport) vulnerabilities2011-11-09
Ubuntu
Linux kernel vulnerabilities2011-09-29
Ubuntu
Linux kernel (EC2) vulnerabilities2011-09-26
Ubuntu
Linux kernel (OMAP4) vulnerabilities2011-09-21
Ubuntu
Linux kernel vulnerabilities2011-09-21

💬Community

1
Bugzilla
CVE-2011-2492 kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace2011-05-09
CVE-2011-2492 (LOW CVSS 1.9) | The bluetooth subsystem in the Linu | cvebase.io