APPLIED: [CVE-2011-1079] Bluetooth: bnep: fix buffer overflow

Tim Gardner tim.gardner at canonical.com
Tue Jul 26 20:29:53 UTC 2011


On 07/26/2011 12:51 PM, Andy Whitcroft wrote:
> CVE-2011-1079
> 	Struct ca is copied from userspace.  It is not checked whether the
> 	"device" field is NULL terminated.  This potentially leads to BUG()
> 	inside of alloc_netdev_mqs() and/or information leak by creating
> 	a device with a name made of contents of kernel stack.
>
> The fix for this CVE has reached lucid and later via mainline and stable
> updates.  Following this email are two patches, one for hardy, and one
> for lucid/fsl-imx51 and maverick/ti-omap4.  Both are simply cherry-picks;
> they only differ in context.
>
> Proposing for hardy, lucid/fsl-imx51, and maverick/ti-omap4.
>
> -apw
>


-- 
Tim Gardner tim.gardner at canonical.com
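
Added example, not part of the original message or of the applied patches: a userspace C model of the bug class in the quoted CVE text, where a fixed-size name field copied from an untrusted caller is used as a string without checking for a terminator. The struct layout, the 16-byte field size, all function names and the force-terminate mitigation are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEV_NAME_LEN 16            /* assumed size of the "device" field */

/* Simplified stand-in for the request struct copied from userspace. */
struct conn_req {
    int  sock;
    char device[DEV_NAME_LEN];
};

/* Models the raw copy: bytes are taken as-is, contents are not validated. */
void copy_request(struct conn_req *dst, const struct conn_req *src)
{
    memcpy(dst, src, sizeof(*dst));
}

/* Hardened copy: terminate the field before anything treats it as a string. */
void copy_request_checked(struct conn_req *dst, const struct conn_req *src)
{
    memcpy(dst, src, sizeof(*dst));
    dst->device[sizeof(dst->device) - 1] = '\0';
}

/* Name length bounded to the field; DEV_NAME_LEN means "no terminator found". */
size_t bounded_name_len(const struct conn_req *req)
{
    const char *end = memchr(req->device, '\0', sizeof(req->device));
    return end ? (size_t)(end - req->device) : sizeof(req->device);
}

/* Returns 1 if a NUL lies inside the field, 0 if a string read would run past it. */
int device_is_terminated(const struct conn_req *req)
{
    return bounded_name_len(req) < sizeof(req->device);
}

/* Constructed input: every byte of "device" is non-NUL. */
void make_unterminated(struct conn_req *req)
{
    memset(req, 0, sizeof(*req));
    memset(req->device, 'A', sizeof(req->device));
}

int main(void)
{
    struct conn_req in, raw, fixed;
    make_unterminated(&in); copy_request(&raw, &in); copy_request_checked(&fixed, &in);
    printf("raw terminated=%d, fixed terminated=%d\n", device_is_terminated(&raw), device_is_terminated(&fixed));
    return 0;
}
```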



