CVE-2012-6544

high

Description

The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.

References

https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2

https://github.com/torvalds/linux/commit/e15ca9a0ef9a86f0477530b0f44a725d67f889ee

https://github.com/torvalds/linux/commit/792039c73cf176c8e39a6e8beef2c94ff46522ed

https://github.com/torvalds/linux/commit/3f68ba07b1da811bf383b4b701b129bfcb2e4988

http://www.ubuntu.com/usn/USN-1808-1

http://www.ubuntu.com/usn/USN-1805-1

http://www.openwall.com/lists/oss-security/2013/03/05/13

http://rhn.redhat.com/errata/RHSA-2013-1173.html

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e15ca9a0ef9a86f0477530b0f44a725d67f889ee

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=792039c73cf176c8e39a6e8beef2c94ff46522ed

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3f68ba07b1da811bf383b4b701b129bfcb2e4988

Details

Source: Mitre, NVD

Published: 2013-03-15

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 1.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: High