CVE-2011-1079

CVSS v2.0 5.4 (Medium)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 19

The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.

Weaknesses

CWE-20: Improper Input Validation

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2012-06-21 23:55:02
(12 years ago)
Updated Date: 2023-02-13 04:29:03
(19 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	Up To
Linux Kernel 2.6.38.8 and prior versions	cpe:2.3:o:linux:linux_kernel	<= 2.6.38.8
Linux Kernel 2.6.38	cpe:2.3:o:linux:linux_kernel:2.6.38
Linux Kernel 2.6.38 Rc1	cpe:2.3:o:linux:linux_kernel:2.6.38:rc1
Linux Kernel 2.6.38 Rc2	cpe:2.3:o:linux:linux_kernel:2.6.38:rc2
Linux Kernel 2.6.38 Rc3	cpe:2.3:o:linux:linux_kernel:2.6.38:rc3
Linux Kernel 2.6.38 Rc4	cpe:2.3:o:linux:linux_kernel:2.6.38:rc4
Linux Kernel 2.6.38 Rc5	cpe:2.3:o:linux:linux_kernel:2.6.38:rc5
Linux Kernel 2.6.38 Rc6	cpe:2.3:o:linux:linux_kernel:2.6.38:rc6
Linux Kernel 2.6.38 Rc7	cpe:2.3:o:linux:linux_kernel:2.6.38:rc7
Linux Kernel 2.6.38 Rc8	cpe:2.3:o:linux:linux_kernel:2.6.38:rc8
Linux Kernel 2.6.38.1	cpe:2.3:o:linux:linux_kernel:2.6.38.1
Linux Kernel 2.6.38.2	cpe:2.3:o:linux:linux_kernel:2.6.38.2
Linux Kernel 2.6.38.3	cpe:2.3:o:linux:linux_kernel:2.6.38.3
Linux Kernel 2.6.38.4	cpe:2.3:o:linux:linux_kernel:2.6.38.4
Linux Kernel 2.6.38.5	cpe:2.3:o:linux:linux_kernel:2.6.38.5
Linux Kernel 2.6.38.6	cpe:2.3:o:linux:linux_kernel:2.6.38.6
Linux Kernel 2.6.38.7	cpe:2.3:o:linux:linux_kernel:2.6.38.7