Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 458752 - Kernel : Bluetooth HIDP "hidp_setup_hid()" Information Disclosure Vulnerability (CVE-2013-0349)
Summary: Kernel : Bluetooth HIDP "hidp_setup_hid()" Information Disclosure Vulnerabili...
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL: https://secunia.com/advisories/52340/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-02-22 14:51 UTC by Agostino Sarubbo
Modified: 2018-04-04 18:33 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-02-22 14:51:33 UTC
From $URL :

Description
A vulnerability has been reported in Linux Kernel, which can be exploited by malicious, local users 
to gain knowledge of potentially sensitive information.

The vulnerability is caused due to an error in the HIDP Bluetooth implementation within the 
"hidp_setup_hid()" function (net/bluetooth/hidp/core.c) as the HID device name, physical location, 
and unique identifier variables may not be properly NULL terminated when handling long strings. 
This can be exploited to disclose memory content via a specially crafted program executing a 
ioctl(HIDPCONNADD) call.

Successful exploitation requires that the kernel is built with Bluetooth stack and HIDP support.

The vulnerability is reported in versions prior to 3.7.6, 3.4.29, 3.2.38, and 3.0.62


Solution
Update to version 3.7.6, 3.4.29, 3.2.38, or 3.0.62

Provided and/or discovered by
Anderson Lizardo

Original Advisory
Kernel.org:
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.7.6
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.29
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.38
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.62
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-04-04 18:33:22 UTC
There are no longer any 2.x or <3.7.6 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.