Some errors in net/wireless/nl80211.c when processing SSID strings can be exploited to cause a buffer overflow via an overly long string.
I believe this is related to the same advisory: An integer underflow error within the "l2cap_config_req()" function in net/bluetooth/l2cap_core.c when handling a l2cap configuration request can be exploited to cause a buffer overflow. Successful exploitation of the net/wireless/nl80211.c vulnerability requires "CAP_NET_ADMIN" capabilities. It is undetermined whether the above vulnerability does as well. Original Advisory: http://marc.info/?l=linux-kernel&m=130891911909436&w=2 Patch for l2cap_core.c vuln: http://marc.info/?l=linux-bluetooth&m=130891949809746&w=2
There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.