Upstream information

CVE-2011-2497 at MITRE

Description

Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.
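The length-handling pattern behind this class of bug, as an added example: this is a simplified user-space model, not the kernel's code or the upstream fix. The names conf_state, option_len_unchecked and conf_append_checked and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed part of an L2CAP Configuration Request payload: dcid (2) + flags (2). */
#define CONF_REQ_FIXED 4u
/* Assumed size of the per-channel buffer that collects option bytes. */
#define CONF_BUF_SIZE 64u

struct conf_state {            /* hypothetical stand-in for channel state */
    uint8_t buf[CONF_BUF_SIZE];
    size_t  used;
};

/* Flawed pattern: trusts cmd_len to cover the fixed part, so the
 * subtraction wraps around when cmd_len < CONF_REQ_FIXED. */
size_t option_len_unchecked(uint16_t cmd_len)
{
    return (size_t)cmd_len - CONF_REQ_FIXED;
}

/* Hardened pattern: validate before subtracting, then bound the copy by
 * the space left. Returns 0 on success, -1 if the request is rejected. */
int conf_append_checked(struct conf_state *st, const uint8_t *payload,
                        uint16_t cmd_len)
{
    if (cmd_len < CONF_REQ_FIXED)
        return -1;                        /* too short to hold dcid + flags */
    size_t len = (size_t)cmd_len - CONF_REQ_FIXED;
    if (len > sizeof(st->buf) - st->used)
        return -1;                        /* would overrun the buffer */
    memcpy(st->buf + st->used, payload + CONF_REQ_FIXED, len);
    st->used += len;
    return 0;
}

int main(void)
{
    /* Constructed payload: dcid 0x0040, flags 0, then 8 option bytes. */
    const uint8_t pkt[12] = { 0x40, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8 };
    struct conf_state st = { {0}, 0 };
    printf("cmd_len=2 unchecked length: %zu\n", option_len_unchecked(2));
    printf("cmd_len=2 checked: %d\n", conf_append_checked(&st, pkt, 2));
    int rc = conf_append_checked(&st, pkt, 12);
    printf("cmd_len=12 checked: %d, used=%zu\n", rc, st.used);
    return 0;
}
```
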

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 8.3
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Access Vector: Adjacent Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Note from the SUSE Security Team

SUSE Linux Enterprise 10 is not affected by this issue, as it does not contain the problematic code. SUSE Linux Enterprise Server 11 and openSUSE 11.3 and 11.4 are affected and will receive updates.

SUSE Bugzilla entry: 702286 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.