CVE-2019-3459: Infoleak

First published: Thu Jan 03 2019(Updated: )

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.

Credit: security@debian.org security@debian.org

Affected Software	Affected Version	How to fix
redhat/kernel-rt	<0:3.10.0-1062.rt56.1022.el7	0:3.10.0-1062.rt56.1022.el7
redhat/kernel	<0:3.10.0-1062.el7	0:3.10.0-1062.el7
redhat/kernel-alt	<0:4.14.0-115.18.1.el7a	0:4.14.0-115.18.1.el7a
redhat/kernel-rt	<0:4.18.0-147.rt24.93.el8	0:4.18.0-147.rt24.93.el8
redhat/kernel	<0:4.18.0-147.el8	0:4.18.0-147.el8
Linux Linux kernel	<=5.1
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=18.10
Redhat Codeready Linux Builder	=8.0
Redhat Enterprise Linux	=5.0
Redhat Enterprise Linux	=6.0
Redhat Enterprise Linux	=7.0
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Eus	=8.1
Redhat Enterprise Linux Eus	=8.2
Redhat Enterprise Linux Eus	=8.4
Redhat Enterprise Linux For Real Time	=7
Redhat Enterprise Linux For Real Time	=8
Redhat Enterprise Linux For Real Time For Nfv	=7
Redhat Enterprise Linux For Real Time For Nfv	=8
Redhat Enterprise Linux For Real Time For Nfv Tus	=8.2
Redhat Enterprise Linux For Real Time For Nfv Tus	=8.4
Redhat Enterprise Linux For Real Time Tus	=8.2
Redhat Enterprise Linux For Real Time Tus	=8.4
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=8.2
Redhat Enterprise Linux Server Aus	=8.4
Redhat Enterprise Linux Server Tus	=8.2
Redhat Enterprise Linux Server Tus	=8.4
Redhat Enterprise Linux Workstation	=7.0
Redhat Enterprise Mrg	=2.0
Debian Debian Linux	=8.0
ubuntu/linux	<4.15.0-47.50	4.15.0-47.50
ubuntu/linux	<4.18.0-17.18	4.18.0-17.18
ubuntu/linux	<3.13.0-168.218	3.13.0-168.218
ubuntu/linux	<5.1~	5.1~
ubuntu/linux	<4.4.0-145.171	4.4.0-145.171
ubuntu/linux-aws	<4.15.0-1035.37	4.15.0-1035.37
ubuntu/linux-aws	<4.18.0-1012.14	4.18.0-1012.14
ubuntu/linux-aws	<4.4.0-1040.43	4.4.0-1040.43
ubuntu/linux-aws	<5.1~	5.1~
ubuntu/linux-aws	<4.4.0-1079.89	4.4.0-1079.89
ubuntu/linux-aws-hwe	<5.1~	5.1~
ubuntu/linux-aws-hwe	<4.15.0-1035.37~16.04.1	4.15.0-1035.37~16.04.1
ubuntu/linux-azure	<4.18.0-1014.14~18.04.1	4.18.0-1014.14~18.04.1
ubuntu/linux-azure	<4.18.0-1014.14	4.18.0-1014.14
ubuntu/linux-azure	<4.15.0-1041.45~14.04.1	4.15.0-1041.45~14.04.1
ubuntu/linux-azure	<5.1~	5.1~
ubuntu/linux-azure	<4.15.0-1041.45	4.15.0-1041.45
ubuntu/linux-azure-edge	<4.18.0-1014.14~18.04.1	4.18.0-1014.14~18.04.1
ubuntu/linux-azure-edge	<5.1~	5.1~
ubuntu/linux-azure-edge	<4.15.0-1041.45	4.15.0-1041.45
ubuntu/linux-euclid	<5.1~	5.1~
ubuntu/linux-flo	<5.1~	5.1~
ubuntu/linux-gcp	<4.15.0-1029.31	4.15.0-1029.31
ubuntu/linux-gcp	<4.18.0-1008.9	4.18.0-1008.9
ubuntu/linux-gcp	<5.1~	5.1~
ubuntu/linux-gcp	<4.15.0-1029.31~16.04.1	4.15.0-1029.31~16.04.1
ubuntu/linux-gcp-edge	<4.18.0-1008.9~18.04.1	4.18.0-1008.9~18.04.1
ubuntu/linux-gcp-edge	<5.1~	5.1~
ubuntu/linux-gke	<5.1~	5.1~
ubuntu/linux-goldfish	<5.1~	5.1~
ubuntu/linux-grouper	<5.1~	5.1~
ubuntu/linux-hwe	<4.18.0-17.18~18.04.1	4.18.0-17.18~18.04.1
ubuntu/linux-hwe	<5.1~	5.1~
ubuntu/linux-hwe	<4.15.0-47.50~16.04.1	4.15.0-47.50~16.04.1
ubuntu/linux-hwe-edge	<5.1~	5.1~
ubuntu/linux-hwe-edge	<4.15.0-47.50~16.04.1	4.15.0-47.50~16.04.1
ubuntu/linux-kvm	<4.15.0-1031.31	4.15.0-1031.31
ubuntu/linux-kvm	<4.18.0-1009.9	4.18.0-1009.9
ubuntu/linux-kvm	<5.1~	5.1~
ubuntu/linux-kvm	<4.4.0-1043.49	4.4.0-1043.49
ubuntu/linux-lts-trusty	<5.1~	5.1~
ubuntu/linux-lts-utopic	<5.1~	5.1~
ubuntu/linux-lts-vivid	<5.1~	5.1~
ubuntu/linux-lts-wily	<5.1~	5.1~
ubuntu/linux-lts-xenial	<4.4.0-144.170~14.04.1	4.4.0-144.170~14.04.1
ubuntu/linux-lts-xenial	<5.1~	5.1~
ubuntu/linux-maguro	<5.1~	5.1~
ubuntu/linux-mako	<5.1~	5.1~
ubuntu/linux-manta	<5.1~	5.1~
ubuntu/linux-oem	<4.15.0-1035.40	4.15.0-1035.40
ubuntu/linux-oem	<4.15.0-1035.40	4.15.0-1035.40
ubuntu/linux-oem	<5.1~	5.1~
ubuntu/linux-oracle	<4.15.0-1010.12	4.15.0-1010.12
ubuntu/linux-oracle	<4.15.0-1010.12	4.15.0-1010.12
ubuntu/linux-oracle	<5.1~	5.1~
ubuntu/linux-oracle	<4.15.0-1010.12~16.04.1	4.15.0-1010.12~16.04.1
ubuntu/linux-raspi2	<4.15.0-1033.35	4.15.0-1033.35
ubuntu/linux-raspi2	<4.18.0-1011.13	4.18.0-1011.13
ubuntu/linux-raspi2	<5.1~	5.1~
ubuntu/linux-raspi2	<4.4.0-1106.114	4.4.0-1106.114
ubuntu/linux-snapdragon	<4.15.0-1053.57	4.15.0-1053.57
ubuntu/linux-snapdragon	<5.1~	5.1~
ubuntu/linux-snapdragon	<4.4.0-1110.115	4.4.0-1110.115
debian/linux		4.19.249-2 4.19.304-1 5.10.209-2 5.10.205-2 6.1.76-1 6.1.85-1 6.6.15-2 6.7.12-1

Remedy

- Disabling the bluetooth hardware in the bios. - Prevent loading of the bluetooth kernel modules. - Disable the bluetooth connection by putting the system in "airport" mode.

Remedy

https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

collector/redhat-cve
collector/nvd-index
agent/type
agent/first-publish-date
agent/last-modified-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-3459
agent/author
agent/weakness
agent/references
agent/severity
agent/remedy
agent/tags
agent/description
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
package-manager/redhat
vendor/linux
canonical/linux linux kernel
version/linux linux kernel/5.1
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/18.10
vendor/redhat
canonical/redhat codeready linux builder
version/redhat codeready linux builder/8.0
canonical/redhat enterprise linux
version/redhat enterprise linux/5.0
version/redhat enterprise linux/6.0
version/redhat enterprise linux/7.0
version/redhat enterprise linux/8.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/8.1
version/redhat enterprise linux eus/8.2
version/redhat enterprise linux eus/8.4
canonical/redhat enterprise linux for real time
version/redhat enterprise linux for real time/7
version/redhat enterprise linux for real time/8
canonical/redhat enterprise linux for real time for nfv
version/redhat enterprise linux for real time for nfv/7
version/redhat enterprise linux for real time for nfv/8
canonical/redhat enterprise linux for real time for nfv tus
version/redhat enterprise linux for real time for nfv tus/8.2
version/redhat enterprise linux for real time for nfv tus/8.4
canonical/redhat enterprise linux for real time tus
version/redhat enterprise linux for real time tus/8.2
version/redhat enterprise linux for real time tus/8.4
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/8.2
version/redhat enterprise linux server aus/8.4
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/8.2
version/redhat enterprise linux server tus/8.4
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
canonical/redhat enterprise mrg
version/redhat enterprise mrg/2.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
package-manager/debian
package-manager/ubuntu

CVE-2019-3459: Infoleak

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact