The L2CAP and HCI setsockopt() implementations have a small information leak that makes it possible to leak kernel stack memory to userspace.

If the optlen parameter is 0, no data will be copied by copy_from_user(), but the uninitialized stack buffer will be read and stored later. A call to getsockopt() can now retrieve the leaked information.

To fix this problem the stack buffer given to copy_from_user() must be initialized with the current settings.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
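The pattern the commit message describes, as an added userspace model (not the kernel code and not part of the original report). The `opts` and `sock` structs, the function names, and the 0xAA "stale stack" fill are hypothetical and constructed for illustration; the stack slot is passed in explicitly so the result is deterministic.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical option block and socket; names are illustrative only. */
struct opts { unsigned short omtu, imtu, flush_to; };
struct sock { struct opts cur; };

/* Stand-in for copy_from_user(): copies at most sizeof(*dst) bytes. */
static void copy_in(struct opts *dst, const void *src, size_t optlen)
{
    size_t len = optlen < sizeof(*dst) ? optlen : sizeof(*dst);
    memcpy(dst, src, len);              /* optlen == 0 copies nothing */
}

/* 'stack' models the handler's stack slot, still holding earlier data. */
void setopt_vulnerable(struct sock *sk, struct opts *stack,
                       const void *uopt, size_t optlen)
{
    copy_in(stack, uopt, optlen);       /* slot is never initialized */
    sk->cur = *stack;                   /* stale bytes become the settings */
}

void setopt_fixed(struct sock *sk, struct opts *stack,
                  const void *uopt, size_t optlen)
{
    *stack = sk->cur;                   /* the fix: start from current settings */
    copy_in(stack, uopt, optlen);
    sk->cur = *stack;
}

/* getsockopt() stand-in: hands the stored settings back to the caller. */
struct opts getopt_cur(const struct sock *sk) { return sk->cur; }

/* Returns 1 if stale stack bytes are readable after a zero-length set. */
int leaks(int use_fix)
{
    struct sock sk = { { 672, 672, 0xFFFF } };   /* constructed defaults */
    struct opts stack;
    unsigned char user[1] = { 0 };
    memset(&stack, 0xAA, sizeof(stack));         /* constructed stale data */
    if (use_fix) setopt_fixed(&sk, &stack, user, 0);
    else         setopt_vulnerable(&sk, &stack, user, 0);
    return getopt_cur(&sk).omtu == 0xAAAA;
}

int main(void)
{
    printf("vulnerable leaks: %d, fixed leaks: %d\n", leaks(0), leaks(1));
    return 0;
}
```

Pre-loading the buffer with the current settings also makes a short optlen safe: only the leading bytes supplied by the caller change, and the rest keep their existing values.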
http://secunia.com/advisories/24976/
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.3

The weaknesses are reported in versions prior to 2.4.34.3.

Solution: Update to version 2.4.34.3.
According to git commit 0878b6667f28772aa7d6b735abff53efc7bf6d91 2.6.* was also vulnerable. It was patched in 2.6.22.

metadata: [linux < 2.6.22]
We don't have 2.6.22 kernels anymore on portage. Looks like we can close this bug.