[CVE-2011-2497] Bluetooth: Prevent buffer overflow in l2cap config request
apw at canonical.com
Mon Sep 19 10:43:13 UTC 2011
Integer underflow in the l2cap_config_req function in
net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows
remote attackers to cause a denial of service (heap memory
corruption) or possibly have unspecified other impact via a small
command-size value within the command header of a Logical Link
Control and Adaptation Protocol (L2CAP) configuration request,
leading to a buffer overflow.
Fixes for this issue have hit oneiric via maineline. Following this email
is a patch for hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4,
natty, natty/ti-omap4. This is a simple backport from mainline.
Proposing for hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4,
More information about the kernel-team