** Description changed:
- Linux kernel built with Bluetooth stack and HIDP support CONFIG_BT=y/m &
- CONFIG_BT_HIDP=y/m is vulnerable to an information disclosure flaw
- caused by wrongly initializing the hid_device->name, physical location
- and unique identifier variables. Information leakage happens if these
- variables are not NULL('\0') terminated. An unprivileged user/program
- could cause this via ioctl(HIDPCONNADD) call.
+ The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux
+ kernel before 3.7.6 does not properly copy a certain name field, which
+ allows local users to obtain sensitive information from kernel memory by
+ setting a long name and making an HIDPCONNADD ioctl call.
Break-Fix: - 0a9ab9bdb3e891762553f667066190c1d22ad62b
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1134503
Title:
CVE-2013-0349
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1134503/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
