CVE-2011-2480
Severity CVSS v4.0: Pending analysis
Type: CWE-200 Information Leak / Disclosure
Publication date: 27/11/2019
Last modified: 21/11/2024
Description
Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information.
Impact
Base Score 3.x: 7.50
Severity 3.x: HIGH
Base Score 2.0: 5.00
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* | 8.2 (excluding) | |
| cpe:2.3:o:netbsd:netbsd:-:*:*:*:*:*:x86:* | | |
References to Advisories, Solutions, and Tools
- https://access.redhat.com/security/cve/cve-2011-2480
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631160
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631161
- https://security-tracker.debian.org/tracker/CVE-2011-2480
- https://www.openwall.com/lists/oss-security/2011/06/20/15



