[CVE-2011-1079] Bluetooth: bnep: fix buffer overflow

Andy Whitcroft apw at canonical.com
Tue Jul 26 18:51:11 UTC 2011


CVE-2011-1079
	Struct ca is copied from userspace.  It is not checked whether the
	"device" field is NULL terminated.  This potentially leads to BUG()
	inside of alloc_netdev_mqs() and/or information leak by creating
	a device with a name made of contents of kernel stack.

The fix for this CVE has reached lucid and later via mainline and stable
updates.  Following this email are two patches, one for hardy, and one
for lucid/fsl-imx51 and maverick/ti-omap4.  Both are simply cherry-picks;
they only differ in context.

Proposing for hardy, lucid/fsl-imx51, and maverick/ti-omap4.

-apw
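The defect the CVE text describes, modelled in userspace as an added example (not code from this email, the patches it announces, or the kernel tree): a request structure is copied verbatim from the caller, its fixed-size `device` field is never guaranteed to hold a NUL, and the first string operation on it walks off the end of the field into whatever follows on the stack. The struct name `connadd_req`, the field sizes, the `stack_model` wrapper and `copy_from_user_sim()` are all constructed stand-ins; the hardened variant forces a terminator into the last byte of the field, which is the standard one-line mitigation for this class of bug (my assumption is that the mainline fix has the same shape, the email itself does not show the patch).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEV_NAME_MAX 16   /* assumption: a fixed-size name field like IFNAMSIZ */

/* Constructed stand-in for the request copied from userspace. */
struct connadd_req {
    int      sock;
    uint32_t flags;
    char     device[DEV_NAME_MAX];   /* no NUL guaranteed by the caller */
};

/* Model of the kernel stack frame: the copied request followed by other
 * local data.  Making the neighbour explicit gives a deterministic layout
 * instead of relying on whatever the compiler places next to `ca`. */
struct stack_model {
    struct connadd_req ca;
    char               neighbour[8];
};

/* Stand-in for copy_from_user(): raw bytes, exactly as supplied. */
static void copy_from_user_sim(struct connadd_req *dst, const struct connadd_req *src)
{
    memcpy(dst, src, sizeof *dst);
}

/* strlen() capped at `limit` bytes so the demo itself never reads out of bounds. */
static size_t strlen_within(const char *p, size_t limit)
{
    size_t n = 0;
    while (n < limit && p[n] != '\0')
        n++;
    return n;
}

/* Bytes available from the start of ca.device to the end of the frame model. */
static size_t bytes_after_device(void)
{
    return sizeof(struct stack_model)
         - (offsetof(struct stack_model, ca) + offsetof(struct connadd_req, device));
}

static void fill_neighbour(struct stack_model *s)
{
    memset(s->neighbour, 'K', sizeof s->neighbour - 1);   /* leftover "kernel" data */
    s->neighbour[sizeof s->neighbour - 1] = '\0';
}

/* Vulnerable pattern: use ca.device as a C string right after the copy.
 * With a full field, the string "name" silently includes the neighbour's bytes. */
size_t name_len_unchecked(const struct connadd_req *from_user)
{
    struct stack_model s;
    fill_neighbour(&s);
    copy_from_user_sim(&s.ca, from_user);
    return strlen_within(s.ca.device, bytes_after_device());
}

/* Hardened pattern: terminate inside the field before any string use. */
size_t name_len_terminated(const struct connadd_req *from_user)
{
    struct stack_model s;
    fill_neighbour(&s);
    copy_from_user_sim(&s.ca, from_user);
    s.ca.device[sizeof s.ca.device - 1] = '\0';   /* cannot run past the field now */
    return strlen_within(s.ca.device, bytes_after_device());
}

/* Constructed input: every byte of the device field is non-NUL. */
struct connadd_req make_unterminated_request(void)
{
    struct connadd_req r;
    memset(&r, 0, sizeof r);
    memset(r.device, 'A', sizeof r.device);
    return r;
}

int main(void)
{
    struct connadd_req r = make_unterminated_request();
    printf("unchecked  name length: %zu (field is %d bytes)\n",
           name_len_unchecked(&r), DEV_NAME_MAX);
    printf("terminated name length: %zu\n", name_len_terminated(&r));
    return 0;
}
```

The unchecked length exceeds the field size because the walk continues into the neighbouring local; in the kernel that over-read is what turns into a device name built from stack contents (the information leak) or a length that trips the sanity check in the allocator (the BUG()). The check a reviewer wants after any `copy_from_user()` of a struct with a char array is exactly the forced terminator in the hardened version, placed before the first `strlen`, `strcpy` or name-registration call.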




More information about the kernel-team mailing list