CVE-2011-2492
published 2011-07-28CVE-2011-2492: The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially…
low1.9CVSS 3.1
AVLACMAuNCPINAN
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | < 3.0 | 3.0 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 3.11.0-12.19 | 3.11.0-12.19 |
| redhat | enterprise_linux_aus | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvd1.9LOWAV:L/AC:M/Au:N/C:P/I:N/A:N
osv1.9LOW