Red Hat Bugzilla – Bug 914298
CVE-2013-0349 kernel: bluetooth HIDP implementation information disclosure
Last modified: 2015-07-31 02:58:39 EDT
Linux kernel built with Bluetooth stack and HIDP support HCONFIG_BT=y/m
& CONFIG_BT_HIDP=y/m is vulnerable to an information disclosure flaw caused
by wrongly initialising the hid_device->name, physical location and unique
identifier variables. Information leakage happens if these variables are not
A privileged(CAP_NET_ADMIN) user/program could cause this via ioctl(HIDPCONNADD) call.
This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.
This was fixed in the upstream 3.7.6 stable kernel with commit e18ef0a55a00817e7ce7be8b3e0e725a2caaf1f2. All supported Fedora versions are on 3.7.8 or newer, so the issue is already resolved in Fedora.
Created kernel tracking bugs for this issue
Affects: fedora-all [bug 914693]
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0744 https://rhn.redhat.com/errata/RHSA-2013-0744.html