CVE-2011-1078

Priority
Description
The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux
kernel before 2.6.39 does not initialize a certain structure, which allows
local users to obtain potentially sensitive information from kernel stack
memory via the SCO_CONNINFO option.
Ubuntu-Description
Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear
memory. A local attacker could exploit this to read kernel stack memory,
leading to a loss of privacy.
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.39~rc1)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed by c4c896e1471aec3b004a693c689f60be3b17ac86
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
More Information

Updated: 2019-01-14 21:56:33 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)