CVE-2012-6545

low

Description

The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9344a972961d1a6d2c04d9008b13617bcb6ec2ef

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9ad2de43f1aee7e7274a4e0d41465489299e344b

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f9432c5ec8b1e9a09b9b0e5569e3c73db8de432a

http://rhn.redhat.com/errata/RHSA-2013-1645.html

http://www.openwall.com/lists/oss-security/2013/03/05/13

http://www.ubuntu.com/usn/USN-1805-1

http://www.ubuntu.com/usn/USN-1808-1

https://github.com/torvalds/linux/commit/9344a972961d1a6d2c04d9008b13617bcb6ec2ef

https://github.com/torvalds/linux/commit/9ad2de43f1aee7e7274a4e0d41465489299e344b

https://github.com/torvalds/linux/commit/f9432c5ec8b1e9a09b9b0e5569e3c73db8de432a

https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

Details

Source: MITRE

Published: 2013-03-15

Updated: 2019-04-22

Type: CWE-200

Risk Information

CVSS v2

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW