Information disclosure in Linux Linux_kernel

CVE-2011-2492

The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call…

Vulnerability class: Information Disclosure

EPSS: 0.001 (17.7th percentile) — read the EPSS interpretation.

Affected products

Linux Linux_kernel — versions 3.0
Redhat Enterprise_linux_aus — versions 5.6
Redhat Enterprise_linux_desktop — versions 5.0
Redhat Enterprise_linux_eus — versions 5.6
Redhat Enterprise_linux_server — versions 5.0
Redhat Enterprise_linux_workstation — versions 5.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

RHSA-2011:0927 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
secalert@redhat.com (x_refsource_CONFIRM, Broken Link)
[oss-security] 20110624 Re: CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
1025778 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
[oss-security] 20110624 CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
[linux-bluetooth] 20110508 Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace. (mailing-list, x_refsource_MLIST, Broken Link)
HPSBGN02970 (x_refsource_HP, vendor-advisory, Third Party Advisory)