CVE-2011-2492

kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace

Severity Score

6.7

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.

El subsistema de bluetooth en el kernel de Linux anteriores a v3.0-rc4 no inicializa correctamente algunas estructuras de datos, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de una llamada getsockopt manipulada, en relación con (1) la función l2cap_sock_getsockopt_old en net/bluetooth/l2cap_sock.c y (2) la función rfcomm_sock_getsockopt_old en net/bluetooth/rfcomm/sock.c.

Updated kernel packages that fix several security issues, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-06-15 CVE Reserved
2011-07-15 CVE Published
2011-09-14 First Exploit
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (11)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d03e971cf403305217b8e62db3a2e5ad2d6263f	X_refsource_confirm
http://permalink.gmane.org/gmane.linux.bluez.kernel/12909	Broken Link
http://securitytracker.com/id?1025778	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4	Broken Link

URL	Date	SRC
https://packetstorm.news/files/id/105078	2011-09-14

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2011/06/24/2	2023-02-13
http://www.openwall.com/lists/oss-security/2011/06/24/3	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=703019	2011-09-12

URL	Date	SRC
http://marc.info/?l=bugtraq&m=139447903326211&w=2	2023-02-13
http://rhn.redhat.com/errata/RHSA-2011-0927.html	2023-02-13
https://access.redhat.com/security/cve/CVE-2011-2492	2011-09-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 3.0 Search vendor "Linux" for product "Linux Kernel" and version " < 3.0"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.0 Search vendor "Linux" for product "Linux Kernel" and version "3.0"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.0 Search vendor "Linux" for product "Linux Kernel" and version "3.0"		rc1		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.0 Search vendor "Linux" for product "Linux Kernel" and version "3.0"		rc2		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.0 Search vendor "Linux" for product "Linux Kernel" and version "3.0"		rc3		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Aus Search vendor "Redhat" for product "Enterprise Linux Aus"				5.6 Search vendor "Redhat" for product "Enterprise Linux Aus" and version "5.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				5.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				5.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "5.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				5.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				5.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "5.0"		-		Affected