CVE-2012-6544 Information

Description

The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.

Reference

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f68ba07b1da811bf383b4b701b129bfcb2e4988 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=792039c73cf176c8e39a6e8beef2c94ff46522ed http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e15ca9a0ef9a86f0477530b0f44a725d67f889ee http://rhn.redhat.com/errata/RHSA-2013-1173.html http://www.openwall.com/lists/oss-security/2013/03/05/13 http://www.ubuntu.com/usn/USN-1805-1 http://www.ubuntu.com/usn/USN-1808-1 https://github.com/torvalds/linux/commit/3f68ba07b1da811bf383b4b701b129bfcb2e4988 https://github.com/torvalds/linux/commit/792039c73cf176c8e39a6e8beef2c94ff46522ed https://github.com/torvalds/linux/commit/e15ca9a0ef9a86f0477530b0f44a725d67f889ee https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2