CVE-2011-2480

Summary

Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information.

Affected Software

VendorProductVersion RangeStatus
FreeBSD, NetBSDFreeBSDbefore 8.2affected
FreeBSD, NetBSDNetBSDn/aaffected

Weaknesses

  • info disclosure

ADP Enrichment

CVE Program Container

Additional References

References