Unrated severityNVD Advisory· Published Jul 28, 2011· Updated Jun 16, 2026
CVE-2011-2492
CVE-2011-2492
Description
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <3.0
- cpe:2.3:o:linux:linux_kernel:3.0:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*
- (no CPE)range: <3.0-rc4
cpe:2.3:o:redhat:enterprise_linux_aus:5.6:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_aus:5.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
9- www.openwall.com/lists/oss-security/2011/06/24/2nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2011/06/24/3nvdMailing ListPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- marc.infonvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2011-0927.htmlnvdThird Party Advisory
- securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- permalink.gmane.org/gmane.linux.bluez.kernel/12909nvdBroken Link
- www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4nvdBroken Link
- git.kernel.orgnvd
News mentions
0No linked articles in our index yet.