CVE-2011-2480
HIGHFreeBSD < 8.2 and NetBSD - Unauthenticated Information Disclosure via IEEE80211_IOC_CHANINFO ioctl
Title source: llmDescription
Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information.
References (5)
Core 5
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2011-2480
Broken Link x_refsource_misc
https://access.redhat.com/security/cve/cve-2011-2480
Third Party Advisory x_refsource_misc
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631161
Third Party Advisory x_refsource_misc
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631160
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://www.openwall.com/lists/oss-security/2011/06/20/15
Scores
CVSS v3
7.5
EPSS
0.0042
EPSS Percentile
61.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
freebsd/freebsd
< 8.2
netbsd/netbsd
Published
Nov 27, 2019
Tracked Since
Feb 18, 2026