CVE-2011-2497

Published: 24 Jun 2011
Source: redhat
CVSS2: 8.3
EPSS: Low

Description

Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.

Statement

This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit 5dee9e7c that introduced this issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 4 | kernel | Not affected | | |
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2011:1189 | 23.08.2011 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2011:1253 | 12.09.2011 |

Additional information

Status: Important
Defect: CWE-190->CWE-119
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=716805 (kernel: bluetooth: buffer overflow in l2cap config request)

EPSS

Percentile: 85%
0.02792
Low

CVSS2: 8.3 High

Related vulnerabilities

ubuntu
almost 14 years ago

Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.

nvd
almost 14 years ago

Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.

debian
almost 14 years ago

Integer underflow in the l2cap_config_req function in net/bluetooth/l2 ...

github
about 3 years ago

Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.

oracle-oval
almost 14 years ago

ELSA-2011-2025: Unbreakable Enterprise kernel security and bug fix update (IMPORTANT)
