The L2CAP and HCI setsockopt() implementations have a small information
leak that makes it possible to leak kernel stack memory to userspace.
If the optlen parameter is 0, no data will be copied by copy_from_user(),
but the uninitialized stack buffer will be read and stored later. A call
to getsockopt() can now retrieve the leaked information.
To fix this problem the stack buffer given to copy_from_user() must be
initialized with the current settings.
Signed-off-by: Marcel Holtmann <email@example.com>
The weaknesses are reported in versions prior to 188.8.131.52.
Update to version 184.108.40.206.
According to git commit 0878b6667f28772aa7d6b735abff53efc7bf6d91 2.6.* was also vulnerable. It was patched in 2.6.22.
[linux < 2.6.22]
We don't have 2.6.22 kernels anymore on portage. Looks we can close this bug.