CVE-2011-2497

Published: 29 August 2011

Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.

From the Ubuntu security team

Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (3.0)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(3.11.0-12.19)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by 7ac28817536797fd40e9646452183606f9e17f71
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (3.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-flo
Launchpad, Ubuntu, Debian
Upstream
Released (3.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.4.0-1.3])
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (3.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
Upstream
Released (3.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.4.0-1.7])
linux-grouper
Launchpad, Ubuntu, Debian
Upstream
Released (3.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.1.10-8.28])
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (3.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (3.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
Upstream
Released (3.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-maguro
Launchpad, Ubuntu, Debian
Upstream
Released (3.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.0.0-3.18])
linux-mako
Launchpad, Ubuntu, Debian
Upstream
Released (3.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.4.0-3.21])
linux-manta
Launchpad, Ubuntu, Debian
Upstream
Released (3.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.4.0-4.19])
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (3.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (3.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist