APPLIED: [CVE-2011-2497] Bluetooth: Prevent buffer overflow in l2cap config request
Tim Gardner
tim.gardner at canonical.com
Mon Sep 19 13:11:42 UTC 2011
On 09/19/2011 04:43 AM, Andy Whitcroft wrote:
> CVE-2011-2497
> Integer underflow in the l2cap_config_req function in
> net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows
> remote attackers to cause a denial of service (heap memory
> corruption) or possibly have unspecified other impact via a small
> command-size value within the command header of a Logical Link
> Control and Adaptation Protocol (L2CAP) configuration request,
> leading to a buffer overflow.
>
> Fixes for this issue have hit oneiric via maineline. Following this email
> is a patch for hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4,
> natty, natty/ti-omap4. This is a simple backport from mainline.
>
> Proposing for hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4,
> natty, natty/ti-omap4.
>
> -apw
>
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list