[Bug 838423] [NEW] CVE-2011-2497

Kees Cook Wed, 31 Aug 2011 15:11:06 -0700

*** This bug is a security vulnerability ***

Public security bug reported:


Integer underflow in the l2cap_config_req function in
net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote
attackers to cause a denial of service (heap memory corruption) or
possibly have unspecified other impact via a small command-size value
within the command header of a Logical Link Control and Adaptation
Protocol (L2CAP) configuration request, leading to a buffer overflow.

Break-Fix: - 7ac28817536797fd40e9646452183606f9e17f71

** Affects: linux (Ubuntu)
     Importance: Medium
         Status: New

** Affects: linux-ec2 (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-natty (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu)
     Importance: Medium
         Status: New

** Affects: linux (Ubuntu Lucid)
     Importance: Medium
         Status: New

** Affects: linux-ec2 (Ubuntu Lucid)
     Importance: Medium
         Status: New

** Affects: linux-fsl-imx51 (Ubuntu Lucid)
     Importance: Medium
         Status: New

** Affects: linux-lts-backport-maverick (Ubuntu Lucid)
     Importance: Medium
         Status: New

** Affects: linux-lts-backport-natty (Ubuntu Lucid)
     Importance: Medium
         Status: New

** Affects: linux-mvl-dove (Ubuntu Lucid)
     Importance: Medium
         Status: New

** Affects: linux-ti-omap4 (Ubuntu Lucid)
     Importance: Medium
         Status: Invalid

** Affects: linux (Ubuntu Maverick)
     Importance: Medium
         Status: New

** Affects: linux-ec2 (Ubuntu Maverick)
     Importance: Medium
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Maverick)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Maverick)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-natty (Ubuntu Maverick)
     Importance: Medium
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Maverick)
     Importance: Medium
         Status: New

** Affects: linux-ti-omap4 (Ubuntu Maverick)
     Importance: Medium
         Status: New

** Affects: linux (Ubuntu Natty)
     Importance: Medium
         Status: New

** Affects: linux-ec2 (Ubuntu Natty)
     Importance: Medium
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Natty)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Natty)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-natty (Ubuntu Natty)
     Importance: Medium
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Natty)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Natty)
     Importance: Medium
         Status: New

** Affects: linux (Ubuntu Oneiric)
     Importance: Medium
         Status: New

** Affects: linux-ec2 (Ubuntu Oneiric)
     Importance: Medium
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Oneiric)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Oneiric)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-natty (Ubuntu Oneiric)
     Importance: Medium
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Oneiric)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Oneiric)
     Importance: Medium
         Status: New

** Affects: linux (Ubuntu Hardy)
     Importance: Medium
         Status: New

** Affects: linux-ec2 (Ubuntu Hardy)
     Importance: Medium
         Status: Invalid

** Affects: linux-fsl-imx51 (Ubuntu Hardy)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Hardy)
     Importance: Medium
         Status: Invalid

** Affects: linux-lts-backport-natty (Ubuntu Hardy)
     Importance: Medium
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Hardy)
     Importance: Medium
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Hardy)
     Importance: Medium
         Status: Invalid


** Tags: kernel-cve-tracking-bug

** Tags added: kernel-cve-tracking-bug

** This bug has been flagged as a security vulnerability

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2497

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/838423

Title:
  CVE-2011-2497

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/838423/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 838423] [NEW] CVE-2011-2497

Reply via email to