Oval Definition:oval:com.ubuntu.precise:def:20112492000
Revision Date:2011-07-28
Version:1
Title:CVE-2011-2492 on Ubuntu 12.04 LTS (precise) - low.
Description:The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy.
Family:unix
Class:vulnerability
Status:
Reference(s):CVE-2011-2492
Platform(s):Ubuntu 12.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 12.04 LTS (precise) is installed.
  • AND Package Information
  • NOT While related to the CVE in some way, the 'linux' package in precise is not affected (note: '3.1.0-1.1').
  • OR NOT While related to the CVE in some way, the 'linux-ti-omap4' package in precise is not affected (note: '3.0.0-1401.2').