kernel: multiple vulnerabilities

Package(s): kernel
CVE #(s): CVE-2011-2497 CVE-2011-2517
Created: July 12, 2011
Updated: September 13, 2011
Description: From the kernel patch by Dan Rosenberg:

A remote user can provide a small value for the command size field in the command header of an l2cap configuration request, resulting in an integer underflow when subtracting the size of the configuration request header. This results in copying a very large amount of data via memcpy() and destroying the kernel heap. Check for underflow. (CVE-2011-2497)

From the Red Hat bugzilla:

In both trigger_scan and sched_scan operations, we were checking for the SSID length before assigning the value correctly. Since the memory was just kzalloc'ed, the check was always failing and SSIDs with over 32 characters were allowed to go through. (CVE-2011-2517)
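
The length underflow described for CVE-2011-2497, as an added example that is neither the kernel's code nor Dan Rosenberg's patch: a simplified user-space model showing the wrapped length next to a checked copy. The 4-byte header size, the buffer size and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CONF_REQ_HDR ((size_t)4) /* assumed configuration request header size */
#define CONF_BUF_MAX 64          /* assumed destination buffer size */

/* Unchecked length: unsigned subtraction wraps when the peer-supplied
 * command size is smaller than the header it is supposed to contain. */
size_t opts_len_unchecked(uint16_t cmd_len)
{
    return cmd_len - CONF_REQ_HDR;
}

/* Checked copy: returns the number of option bytes copied, or -1 when the
 * command size is rejected. The destination bound is part of this model. */
int copy_conf_opts(uint8_t *dst, size_t dst_len,
                   const uint8_t *cmd, uint16_t cmd_len)
{
    size_t len;

    if (cmd_len < CONF_REQ_HDR) /* the underflow check */
        return -1;
    len = cmd_len - CONF_REQ_HDR;
    if (len > dst_len)          /* never copy past the destination */
        return -1;
    memcpy(dst, cmd + CONF_REQ_HDR, len);
    return (int)len;
}

int main(void)
{
    /* Constructed sample: 4 header bytes followed by 2 option bytes. */
    const uint8_t cmd[6] = { 0x01, 0x00, 0x00, 0x00, 0xAA, 0xBB };
    uint8_t dst[CONF_BUF_MAX];

    printf("unchecked length for size 2: %zu\n", opts_len_unchecked(2));
    printf("checked, size 2: %d\n", copy_conf_opts(dst, sizeof(dst), cmd, 2));
    printf("checked, size 6: %d\n", copy_conf_opts(dst, sizeof(dst), cmd, 6));
    return 0;
}
```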

Alerts:
Red Hat RHSA-2011:1813-01 2011-12-13
Ubuntu USN-1286-1 2011-12-03
Ubuntu USN-1285-1 2011-11-29
Ubuntu USN-1281-1 2011-11-24
Ubuntu USN-1279-1 2011-11-24
Ubuntu USN-1278-1 2011-11-24
Ubuntu USN-1269-1 2011-11-21
Ubuntu USN-1274-1 2011-11-21
Ubuntu USN-1272-1 2011-11-21
Ubuntu USN-1256-1 2011-11-09
Ubuntu USN-1246-1 2011-10-25
Ubuntu USN-1245-1 2011-10-25
Ubuntu USN-1244-1 2011-10-25
Ubuntu USN-1241-1 2011-10-25
Ubuntu USN-1240-1 2011-10-25
Ubuntu USN-1239-1 2011-10-25
Ubuntu USN-1228-1 2011-10-12
Ubuntu USN-1227-1 2011-10-11
Ubuntu USN-1225-1 2011-10-04
Ubuntu USN-1220-1 2011-09-29
Ubuntu USN-1219-1 2011-09-29
CentOS CESA-2011:1212 2011-09-22
Debian DSA-2310-1 2011-09-22
Ubuntu USN-1253-1 2011-11-08
Red Hat RHSA-2011:1253-01 2011-09-12
Debian DSA-2303-2 2011-09-10
Scientific Linux SL-kern-20110906 2011-09-06
Debian DSA-2303-1 2011-09-08
Red Hat RHSA-2011:1212-01 2011-09-06
Scientific Linux SL-kern-20110823 2011-08-23
Red Hat RHSA-2011:1189-01 2011-08-23
Fedora FEDORA-2011-11103 2011-08-18
SUSE SUSE-SU-2011:0832-1 2011-07-25
SUSE SUSE-SA:2011:031 2011-07-25
Fedora FEDORA-2011-9130 2011-07-08
Oracle ELSA-2012-0150 2012-03-07
openSUSE openSUSE-SU-2012:0799-1 2012-06-28
openSUSE openSUSE-SU-2012:1439-1 2012-11-05

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds